-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> I am certainly not going to advocate Internet-scale KDC. But what >> if the application does not need to scale more than a "network of >> friends?" > > A thousand times yes.
There is however a little fly in that particular ointment. Sure, we can develop system that manage pairwise keys, store them safely, share them between several user devices. But what about PFS? Someday, the pairwise key will be compromised, and the NSA will go back to the archives to decrypt everything. We could certainly devise a variant of DH that use the pairwise key to verify the integrity of the session keys, but that brings the public key technology back in the picture. Maybe I am just ignorant, but I don't know how to get PFS using just symmetric key algorithms. Does someone know better? - -- Christian Huitema -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) Comment: Using gpg4o v220.127.116.1164 - http://www.gpg4o.de/ Charset: utf-8 iQEcBAEBAgAGBQJSLU6uAAoJELba05IUOHVQ32QH/jVt7j/FpZXc7G07fvfu8/ij 4h53Vn0dfNZmX+XLNX3yILizSz712bGEGWVnq7nPh1IB9JEbYu0lFJxzXbZB6Cv1 Owu+QKnJ1NgctggwKkaCwOELFPNEZ1amzu3f+Haxrq9knv/H2/mykpLPyRR0IU8T 8KFoud1rg7nffIW+flkEGVGgcExibjXOd8H7+/q6Mu6u4/aVJ4O3m2c1sv0kLhl3 gPIeoD8LlRBERUslkqF/jEv6PVgByLD8D94/f7wJ34e9RZQNILPH2dGdck02G/vK IimsR7K/9cB0KhNnIIqCnmxYSvm7KU97h6ejm5lyyZPTtnoDPjfEU+0w7vl5uMs= =ze/o -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list firstname.lastname@example.org http://www.metzdowd.com/mailman/listinfo/cryptography