> From [EMAIL PROTECTED] Fri Sep 17 13:21:38 2004
> X-DNSBL-REJECT: 66.133.20.208.orbs.dorkslayers.com. is set to [A | 127.0.0.2]
> X-Originating-Email: [EMAIL PROTECTED]
> From: "Peter Williams" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Muscle] NFC - A killer technology
> List-Archive: <http://lists.drizzle.com/pipermail/muscle>
>
> > > There are no shared secrets as that does not scale to a 2 billion user
> > > level (2008).
> >
> >Yes. Which is why PKI is important to authenticate the reader as well
> >as the card. Or if it's not used between the reader and the NFC
> >device, the device has to ensure that data traveling THROUGH the reader
> >is secure.
> >
>
> In 10 years of PKI deployment in the internet (backed by well over $1
> billion investment from venture and DoD/NSA/GSA), there is NO evidence that
> in practice PKI scales to 2 billion. There is considerable evidence that 50%
> of those who have tried to go beyond 2000 users just gave up, frustrated.
> You need to be very focussed to make PKI pay off, knowing what it's good for,
> and what it is - in practice - really bad at.

Perhaps I used the wrong choice of words. Symmetric keys can't scale to 2 billion users. Asymmetric keys are necessary. I don't mean that a fully integrated PKI is necessary. But some infrastructure may be needed if one is going to trust a strange system.

If I approach a vending machine, an ATM, or a network access point, how can I be assured it's legitimate? Recent example at the GOP:

http://www.informationweek.securitypipeline.com/network/showArticle.jhtml?articleId=46200846&printableArticle=true

Certificates are necessary to use authenticated Diffie-Hellman Key Exchange. And unauthenticated DHKE is vulnerable to a MITM attack.

So I am confused when you say off-line certs don't have applications. Are we assuming the access/service provider is always trusted and secure? I don't.
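
The contrast between unauthenticated and authenticated Diffie-Hellman raised in the message above, as an added example that is not part of the original post. It assumes toy parameters (a 127-bit modulus, textbook RSA built from two Mersenne primes) and models the certificate as the card already trusting the reader's verification key `(E, N)`; all names are hypothetical.

```python
# Added illustration: toy parameters, far too small for real use.
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime used as a toy DH modulus (assumption)
G = 3            # toy generator (assumption)

# Toy textbook-RSA signing key for the legitimate reader. In a real system
# the card would learn (E, N) from a certificate it can validate off-line.
_p, _q, E = 2**61 - 1, 2**89 - 1, 65537
N = _p * _q
D = pow(E, -1, (_p - 1) * (_q - 1))


def _digest(value: int) -> int:
    h = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(h, "big") % N


def sign(value: int) -> int:
    return pow(_digest(value), D, N)


def verify(value: int, sig: int) -> bool:
    return pow(sig, E, N) == _digest(value)


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def exchange(authenticated: bool, mitm: bool) -> str:
    """Simulate one card/reader key exchange and report the card's outcome."""
    r_priv, r_pub = dh_keypair()                 # legitimate reader
    offered_pub, offered_sig = r_pub, sign(r_pub)
    if mitm:
        # An intermediary swaps in its own DH value. It does not hold D,
        # so it can only forward the reader's original signature.
        m_priv, offered_pub = dh_keypair()
    if authenticated and not verify(offered_pub, offered_sig):
        return "rejected"                        # signature does not cover this value
    c_priv, c_pub = dh_keypair()                 # card
    card_key = pow(offered_pub, c_priv, P)
    if mitm and card_key == pow(c_pub, m_priv, P):
        return "key shared with intermediary"
    if card_key == pow(c_pub, r_priv, P):
        return "key shared with reader"
    return "mismatch"
```

Without the signature check the card completes the exchange either way and cannot tell which party holds the other half of the key; with it, a substituted DH value is refused before any key is derived.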
