Derek;
> > By having KDC, we need as much secret key as necessary for PKI with CAs,
> > though KDC as the trusted third party is as bogus as CAs.
> >
> > However, it is fine to have KDC as the trusted first or second party.
>
> No, it is not sufficient. The problem is that you cannot have a
> long-term store-and-forward mechanism with secret-key technology. If
> Alice wants to send a secure message to Bob using secret-key
> encryption there is no way that Bob can prove to Charlie that Alice
> sent the message without revealing their own secret key.
I do assume all the related parties are online.
> Negative. You want a key between A and D in order to maintain
> confidentiality of the transaction.
As you said;
> I admit that I did not count ephemeral keys in the count,
it's OK to have dynamically generated keys between A and D.
> > By having KDC, we need as much secret key as necessary for PKI with CAs,
> > though KDC as the trusted third party is as bogus as CAs.
> >
> > However, it is fine to have KDC as the trusted first or second party.
>
> No, it is not sufficient. The problem is that you cannot have a
> long-term store-and-forward mechanism with secret-key technology.
I'm saying we shouldn't use long-term store-and-forward mechanism,
because it is not really secure.
> Moreover,
> in electronic transactions the customer may want to have a GOOD IDEA
> that they are talking to the "right" merchant (or at least the _same_
> merchant that they were talking to yesterday). The only way to do
> this in a scalable way is Certificates.
That is a delusion.
> As much as I would love to seee Kerberos take over the world, it is
> not going to do so. Moreover, with data like DNS, you cannot use
> Kerberos because of the caching problem (see my previous statement
> about store-and-forward data not working with secret key).
Kerberos with KDCs as the trusted third parties is as bad as PKI.
> > Weak protection by HTTPS does not essentially add anything.
>
> It adds confidentiality of your payment token, and it provides
> a binding between the payment token and the paid-for object.
If you make a transaction confidential to the banks, banks can
not assist you to make it secure.
Masataka Ohta
