On Mon, Sep 09, 2013 at 02:48:56PM -0400, Jeffrey I. Schiller wrote:
> I don't believe you can do this without using some form of public key
> system.
My $.02:

 - protocols based entirely on symmetric keying are either PSK or a flavor of Needham-Schroeder (e.g., Kerberos)
 - neither PSK nor Needham-Schroeder scale
 - PSK fails to scale for obvious reasons
 - Kerberos could scale if there were TLD realm operators, but there aren't any, and there can't be because they would have too much power, thus no one would trust them (see below)
 - Kerberos could scale with a web of trust (PGP-like), but managing that web would be difficult, and realms that are widely trusted are... much too powerful (see below)
 - Kerberos KDCs have even more privileged a position than PKIX CAs: they can impersonate you to others and vice-versa (therefore they can MITM you) and they can recover all your session keys (unless you use PFS) even when they don't MITM you. This is necessarily so for any symmetric key only protocol.
 - To get past this requires PK crypto. It's unavoidable.
 - Life will look a bit bleak for a while once we get to quantum machine cryptopocalypse...

Nico
--
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
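The KDC point in the message above (a Needham-Schroeder style KDC holds every long-term key, so it can open any ticket it issued and recover the session key, and only a DH-style exchange under that session key keeps a passive KDC out) as an added illustration, not code from the post or from any Kerberos implementation. Everything here is constructed: the principals, the "encryption" (a toy HMAC-SHA256 stream construction with a MAC, not a real cipher), the DH group (a toy 127-bit Mersenne prime rather than a vetted group), and the wire format are all assumptions made for the example.

```python
"""Toy model of a symmetric-only KDC exchange (Needham-Schroeder / Kerberos
style) versus the same exchange with an ephemeral DH step under Ks.
Constructed example: toy cipher, toy DH group, not fit for real use."""
import hashlib
import hmac
import os
import secrets

KEY_LEN = 32


def kdf(key, label):
    """Domain-separated derivation: HMAC-SHA256(key, label)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += kdf(key, b"ks" + nonce + ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def enc(key, msg):
    """Toy encrypt-then-MAC: nonce || (msg XOR keystream) || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + kdf(key, b"mac" + nonce + ct)


def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(key, b"mac" + nonce + ct)):
        raise ValueError("bad MAC")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Holds every principal's long-term key: the privileged position the post describes."""

    def __init__(self):
        self.keys = {}

    def register(self, name):
        self.keys[name] = secrets.token_bytes(KEY_LEN)
        return self.keys[name]

    def issue(self, client, server):
        """Fresh Ks, returned under the client's key together with a ticket
        (Ks plus client name) under the server's key."""
        ks = secrets.token_bytes(KEY_LEN)
        ticket = enc(self.keys[server], ks + client.encode())
        return enc(self.keys[client], ks + ticket)


def get_session_key(kdc, client, ck, server, sk):
    """Client opens the reply, server opens the ticket; both now hold Ks."""
    plain = dec(ck, kdc.issue(client, server))
    ks, ticket = plain[:KEY_LEN], plain[KEY_LEN:]
    assert dec(sk, ticket)[:KEY_LEN] == ks
    return ks, ticket


def symmetric_only_exchange(kdc, client, ck, server, sk, app_msg):
    """What a network observer (the KDC included) sees: ticket and data under Ks."""
    ks, ticket = get_session_key(kdc, client, ck, server, sk)
    return {"ticket": ticket, "data": enc(ks, app_msg)}


def kdc_reads_symmetric(kdc, server, transcript):
    """Passive KDC operator: the server's long-term key opens the ticket, Ks falls out."""
    ks = dec(kdc.keys[server], transcript["ticket"])[:KEY_LEN]
    return dec(ks, transcript["data"])


P = 2**127 - 1  # toy Mersenne prime (fits 16 bytes); real deployments use a vetted group
G = 3


def pfs_exchange(kdc, client, ck, server, sk, app_msg):
    """Same ticket exchange, then ephemeral DH authenticated under Ks; the
    application key depends on g^ab, which never crosses the wire."""
    ks, ticket = get_session_key(kdc, client, ck, server, sk)
    a, b = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    A, B = pow(G, a, P), pow(G, b, P)
    shared = pow(B, a, P)
    assert shared == pow(A, b, P)
    app_key = kdf(ks, b"app" + shared.to_bytes(16, "big"))
    return {"ticket": ticket,
            "dh_a": enc(ks, A.to_bytes(16, "big")),
            "dh_b": enc(ks, B.to_bytes(16, "big")),
            "data": enc(app_key, app_msg)}


def kdc_reads_pfs(kdc, server, transcript):
    """Passive KDC: recovers Ks, hence sees A and B, but without a or b cannot
    form g^ab. Tries every key it can derive; returns None when none opens
    the data. (An active KDC could still MITM the DH by substituting its own
    values under Ks, which is the impersonation problem the post raises.)"""
    ks = dec(kdc.keys[server], transcript["ticket"])[:KEY_LEN]
    A = int.from_bytes(dec(ks, transcript["dh_a"]), "big")
    B = int.from_bytes(dec(ks, transcript["dh_b"]), "big")
    for guess in (ks, kdf(ks, b"app" + A.to_bytes(16, "big")),
                  kdf(ks, b"app" + B.to_bytes(16, "big"))):
        try:
            return dec(guess, transcript["data"])
        except ValueError:
            pass
    return None
```

Run it by registering two principals with `KDC.register`, producing a transcript with `symmetric_only_exchange`, and handing it to `kdc_reads_symmetric`: the plaintext comes straight back, because the operator holds the server key. The `pfs_exchange` transcript behaves differently under `kdc_reads_pfs`, which is the PFS caveat in the post; note that this only defeats a passive KDC, and an active one keeps the MITM capability the post also describes.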