--
At 09:59 AM 8/31/2000 -0700, Michael Thomas wrote:
> It looks like your argument is not with the SIP WG but with the CAT
> WG.
To be useful, encryption must be integral with a communications
protocol. To be secure, a communications protocol must be integral with
encryption.
> I'm sure a lot of folks there would be willing to entertain (or not)
> this argument. In particular, the assertion that that Kerberos is
> inherently subject to dictionary attacks looks more like an
> indictment against symmetric key cryptography in general, rather
> than Kerberos in particular.
There is nothing special about symmetric key cryptography that makes it
particularly subject to dictionary attacks. In all public key solutions,
the public keys are used to set up a symmetric key that is not subject to
dictionary attacks.
It is probably possible to set up a system with properties similar to those
that I outlined using nothing but symmetric key cryptography, though it
would be more complex, hence harder to understand and harder to get right.
Existing symmetric key solutions (Kerberos) are vulnerable to dictionary attack
Existing public key solutions are hard to use and unpopular.
These are properties of the particular implementations, and the particular
tasks for which they are used, not a property of the underlying
technology. The technology is merely a tool. It is what one makes with
the tool that has particular properties, like being hard to use, or being
vulnerable to particular attacks
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
xirSvfQvSQVFCs8dj58C5bSdC21fv2EaGyNzr8wn
4x8kyGomth1BRtbAUDUQHnw3q8MGtTv7Mb395WWQ4
