Dan Harkins <[email protected]> wrote:
> Think of whom you're trying to protect against. The first to have a
> QC are most likely nation-states that you really aren't too happy with
> today and will most likely be less happy with in 20 years. If we have
> some specification on using sneaker-net with hex or bubble-babble or
> base64, etc that's what's gonna be deployed and it's gonna be the
> weakest link in this scheme. I dare say that your sneaker-net would
> need to be protected by men with guns that you trust implicitly driving
> armored cars to come close to the security you think you're getting by
> mixing the PSK into the keying material.
I don't think your model (protected by men with guns) is necessarily wrong.
I am imagining Brinks trucks myself, but we can also consider a starring role
for Keanu Reeves... or Agent 86, as you wish.
> On top of that, I think it would be good to try and make sharing the
> PSK as difficult as possible. If there are > 1 people running around
Hmm. My concern is more along the lines of: getting this PSK entered
correctly is difficult, so when the boss is breathing down your neck, you
simply turn off the mechanism.
> PKIX defined a symmetric key package and it has many options to
> securely wrap an arbitrary symmetric key, or many symmetric keys in a
> package. It can also include a key id to use when describing the
> symmetric key. We should look at something like that. It's ASN.1 and
> everyone hates ASN.1 but an alternative could be defined with JSON or
> something like that. The symmetric key package can be deployed using
> the EST extensions that Sean Turner has proposed-- you authenticate EST
> using a certificate, the EST server uses your authenticated identity to
> locate your package and sends it to you. Yes it requires you to
> implement a whole bunch of other stuff but I think it's worth the price
> we're placing on the PSK.
This sounds like a great idea. I will even agree to eat the pre-established
ASN.1 here. I had no preconceived notion as to the format, just that we have
a specific way to get the stuff in.
(I don't think, in a post-QM world, we can authenticate the EST with a
certificate though, but that's a detail. I think it's still an armored Brinks
truck with a thumb drive or whatever)
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
