My first thought was that this should be done by the CA. Then it turns out that these are all (apparently) embedded systems generated keys and only some of those are CA certified. So maybe there is a need for this protocol.
As I have mentioned before though, public key is problematic in embedded systems. Most of the systems don't have the resources to do the job right and this will only get worse as time goes on because as a $1 processor gets more powerful a chip with a 6502 core gets cheaper and more are made. More 6502 type chips were made last year than in any previous year.

So my view is that we have to get away from the idea that the endpoint has to do public key crypto. I have developed technology (rights reserved) that moves the public key stuff off the endpoint device without creating holes the maker or key repository can exploit.

On Thu, Feb 16, 2012 at 8:12 AM, Stephen Farrell <[email protected]> wrote:
>
> Dunno if anyone else thinks this might be interesting
> but I do:-)
>
> So I sketched out an initial idea for how it might fit
> in here. [1]
>
> Comments welcome.
>
> S.
>
> [1] http://www.ietf.org/id/draft-farrell-kc-00.txt
>
>
> On 02/15/2012 07:17 PM, Stephen Farrell wrote:
>>
>>
>> Hiya,
>>
>> I guess the recent publications about common factors [1,2]
>> are something else that this group might want to consider.
>>
>> I wonder if an rsa modulus checker protocol might help or
>> something. Not sure if that's something that could be run
>> quickly enough though, other than for the straight
>> duplicates or dumbass things with small factors you should
>> spot yourself. Anyone know?
>>
>> Or maybe you could register your public key and get a
>> nonce, then come back periodically to see if any problems
>> have been detected for your key.
>>
>> And yes, better prngs are needed, but there'll probably
>> always be bad ones out there.
>>
>> S.
>>
>> [1] http://eprint.iacr.org/2012/064
>> [2] http://it.slashdot.org/story/12/02/15/1540212/factorable-keys-twice-as-many-but-half-as-bad
>>
>> _______________________________________________
>> therightkey mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/
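The register-and-poll modulus checker suggested in the quoted message, sketched as an added example; it is not code from the thread or from draft-farrell-kc. The class name, method names, flag strings and toy moduli are assumptions, and the pairwise gcd loop is for illustration only (a real service would hold full-size moduli and need a faster method).

```python
import math
import secrets

# Primes below 2000, for the "small factors you should spot yourself" check.
SMALL_PRIMES = [p for p in range(2, 2000)
                if all(p % d for d in range(2, math.isqrt(p) + 1))]


class ModulusChecker:
    """Hypothetical checker: register a modulus, get a nonce, poll for flags."""

    def __init__(self):
        self.moduli = {}  # nonce -> registered RSA modulus
        self.flags = {}   # nonce -> set of problems detected so far

    def register(self, n):
        """Record modulus n and return the nonce used to poll its status."""
        nonce = secrets.token_hex(16)
        found = set()
        if any(n % p == 0 for p in SMALL_PRIMES):
            found.add("small-factor")
        for other, m in self.moduli.items():
            if m == n:
                problem = "duplicate"        # two submitters hold the same key
            elif math.gcd(n, m) > 1:
                problem = "shared-factor"    # both moduli are now factorable
            else:
                continue
            found.add(problem)
            # The earlier submitter learns of the problem on its next poll.
            self.flags[other].add(problem)
        self.moduli[nonce] = n
        self.flags[nonce] = found
        return nonce

    def status(self, nonce):
        """Return flags only; the common factor itself is never disclosed."""
        return sorted(self.flags[nonce])


if __name__ == "__main__":
    # Constructed toy moduli built from small primes (not real keys).
    checker = ModulusChecker()
    first = checker.register(10007 * 10009)
    print(checker.status(first))             # clean when first registered
    checker.register(10007 * 10037)          # shares the prime 10007
    print(checker.status(first))             # flagged on the next poll
```

The second poll is the point of the nonce: a key that looked fine at registration can become weak later, when another device submits a modulus built from the same prime.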
