On 02/16/2012 01:51 PM, Phillip Hallam-Baker wrote:
My first thought was that this should be done by the CA.
In the cited material, they also cover PGP and SSH keys and
not every CA will have a collection beyond its own end
entities so I don't think this is a CA function since its
not checking one public key, but one public key against
a population of keys and is independent of X.509, PGP, SSH
etc.
> Then it turns
out that these are all (apparently) embedded systems generated keys
and only some of those are CA certified. So maybe there is a need for
this protocol.
That too.
As I have mentioned before though, public key is problematic in
embedded systems. Most of the systems don't have the resources to do
the job right and this will only get worse as time goes on because as
a $1 processor gets more powerful a chip with a 6502 core gets cheaper
and more are made. More 6502 type chips were made last year than in
any previous year.
So my view is that we have to get away from the idea that the endpoint
has to do public key crypto.
Well, that's one position but not necessarily the only one
with merit.
S
> I have developed technology (rights
reserved) that moves the public key stuff off the endpoint device
without creating holes the maker or key repository can exploit.
On Thu, Feb 16, 2012 at 8:12 AM, Stephen Farrell
<[email protected]> wrote:
Dunno if anyone else thinks this might be interesting
but I do:-)
So I sketched out an initial idea for how it might fit
in here. [1]
Comments welcome.
S.
[1] http://www.ietf.org/id/draft-farrell-kc-00.txt
On 02/15/2012 07:17 PM, Stephen Farrell wrote:
Hiya,
I guess the recent publications about common factors [1,2]
are something else that this group might want to consider.
I wonder if an rsa modulus checker protocol might help or
something. Not sure if that's something that could be run
quickly enough though, other than for the straight
duplicates or dumbass things with small factors you should
spot yourself. Anyone know?
Or maybe you could register your public key and get a
nonce, then come back periodically to see if any problems
have been detected for your key.
And yes, better prngs are needed, but there'll probably
always be bad ones out there.
S.
[1] http://eprint.iacr.org/2012/064
[2]
http://it.slashdot.org/story/12/02/15/1540212/factorable-keys-twice-as-many-but-half-as-bad
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
