On Tue, Jun 26, 2007 at 02:03:29PM -0700, Jon Callas wrote: > On Jun 26, 2007, at 10:10 AM, Nicolas Williams wrote: > >This too is a *fundamental* difference between QKD and classical > >cryptography. > > What does this "classical" word mean? Is it the Quantum way to say > "real"? I know we're in violent agreement, but why are we letting > them play language games?
I don't mind using "classical" here. I don't think Newtonian physics (classical) is "bad" -- it works great at every day human scales. > >IMO, QKD's ability to discover passive eavesdroppers is not even > >interesting (except from an intellectual p.o.v.) given: its > >inability to detect MITMs, its inability to operate end-to-end across > >across middle boxes, while classical crypto provides protection > >against eavesdroppers *and* MITMs both *and* supports end-to-end > >operation across middle boxes. > > Moreover, the quantum way of discovering passive eavesdroppers is > really just a really delicious sugar coating on the classical term > "denial of service." I'm not being DoSed, I'm detecting a passive > eavesdropper! Heh! Indeed: with classical (or non-quantum, or standard, or...) crypto eavesdroppers are passive attackers and passive attackers cannot mount DoS attacks (oh, I suppose that wiretapping can cause some slightly noticeable interference in some cases, but usually that's no DoS), but in QKD passive attackers become active attackers. But it gets worse! To eavesdrop on a QKD link requires much the same effort (splice the fiber) as to be an MITM on a QKD link, so why would any attacker choose to eavesdrop and be detected instead of being an MITM, go undeteceted and get the cleartext they're after? Right, they wouldn't. Attackers aren't stupid, and an attacker that can splice your fibers can probably afford the QKD HW they need to mount an MITM attack. So, really, you need authentication. And, really, you need end-to-end, not hop-by-hop authentication and data confidentiality + integrity protection. This reminds me of Feynman's presentation of Quantum Electro Dynamics, which finished with "QED." Has it now been sufficiently established that QKD is not useful that whenever it rears its head we can point folks at archives of these threads and not spill anymore ink? Nico -- --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]