Re: On shared keys (was RE: SOI: identity protection and DOS)
"david chen" <ietf_davidchen@hotmail.com> Thu, 29 November 2001 01:43 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fAT1h9828366; Wed, 28 Nov 2001 17:43:09 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id TAA09802 Wed, 28 Nov 2001 19:50:15 -0500 (EST)
X-Originating-IP: [66.31.70.172]
From: david chen <ietf_davidchen@hotmail.com>
To: "Dilkie, Lee" <Lee_Dilkie@mitel.com>, 'Alex Alten' <Alten@home.com>, andrew.krywaniuk@alcatel.com, 'IPsec WG' <ipsec@lists.tislabs.com>
References: <29B5A21C13C8D51190F900805F65B4EC39EFC8@rndex50.ottawa.mitel.com>
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
Date: Wed, 28 Nov 2001 19:59:56 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <OE360KrCZpmM4E4Rnpn0000254a@hotmail.com>
X-OriginalArrivalTime: 29 Nov 2001 00:59:17.0538 (UTC) FILETIME=[1237F820:01C17871]
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Certificate is great except no one signs the CA's public key. (Yes, keep moving along the 'chain' and reach the top.) No one certifies the root-CA's public key in a realm. Also, this CA's cert is very valuable for an attacker. The self-cert is just a shadow of a pre-shared key. (still proving)

If the certificate chain ultimately depends on the same mechanism as a pre-shared key, then just using a pre-shared key is sufficient. A raw public key with ID, without certificate chain and CA, is simpler and more efficient. (and no complication of CRL)

The only way out of using a CA and cert-chain is that the United Nations posts its public key on major TV networks on earth with 24/7 broadcasting and all certification of public keys is ultimately based on it. (It will be secure but no civil privacy :-)

As far as PGP, it is fuzzy about how secure it is. More like each person has a relative degree of mutual trust. However, the degree of trust of a group (of people) in a certain person is hard to quantify. (arithmetic average of "trust" in the group, or geometric average of that...) I am lost. :-)

--- David

----- Original Message -----
From: "Dilkie, Lee" <Lee_Dilkie@mitel.com>
To: "'Alex Alten'" <Alten@home.com>; <andrew.krywaniuk@alcatel.com>; "'IPsec WG'" <ipsec@lists.tislabs.com>
Sent: Wednesday, November 28, 2001 5:16 PM
Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)

> Alex,
>
> With all due respect, I think the ATM network is a great example of why PSK (symmetric kind) security is an expensive and non-scalable solution.
>
> First of all, the banks do take security seriously and implement the DES security for ATMs the way we suggest for PSK, but nobody does.
>
> Every ATM is loaded with x months of DES keys by two security guards. Each guard holds one half of a master key that is used to unlock the sets of keys to be loaded into the ATM. You call this a simple and scalable solution? I don't think so. It's expensive as heck, but fortunately for the banks, we get to foot the bill.
>
> And I disagree that internet hosts are an order of magnitude smaller in deployment.
>
> Consider the current situation with SSL-based web transactions. If you consider the number of endpoints, both servers and browsers, participating in a trusted, secured transaction I think you'll find that those numbers are vastly larger than the number of ATMs in the world. The certificate-based trust model is far easier and much more manageable to deploy than any shared secret scheme. (I'd sure consider it expensive to have two burly security guards show up at my front door to load 4 months of DES keys into my browser)
>
> Personally, I'd like to see the end of all PSK in IPSec and go to a certificate-based PK trust model. Which is why I really liked the JFK proposal. To those that would like raw public keys, I say this. It's not hard to wrap a PK in a self-signed certificate and it buys you a lot. Moving up to a CA chain buys you that much more.
>
> And finally, as for the compromises of credit card numbers and the like... Not one of those was due to a flaw in security protocols. They were a result of implementation errors in applications. Unfortunately (or maybe fortunately) IPSec does not take on that responsibility.
>
> Lee Dilkie
>
> Mitel Networks
> 350 Legget Drive
> Kanata, ON, Canada
> K2K 2W7
>
> Phone: 1-613-592-5660
>
> "It wasn't easy to juggle a pregnant wife and a troubled child, but somehow I managed to fit in eight hours of TV a day."
> - Homer Simpson (from "The Simpsons")
>
> > -----Original Message-----
> > From: Alex Alten [mailto:Alten@home.com]
> > Sent: Wednesday, November 28, 2001 3:54 PM
> > To: andrew.krywaniuk@alcatel.com; 'IPsec WG'
> > Subject: RE: On shared keys (was RE: SOI: identity protection and DOS)
> >
> > You have completely missed my point, and incorrectly lumped Visa and ATM security systems together.
> >
> > My point is that for over 20 years hundreds of millions of people have been using *DES* to get cash out of ATM machines. This is a very large scale system; the number of Internet hosts is an order of magnitude smaller. As far as I know there has never been a major compromise of this system, where lots of money was stolen from thousands of accounts.
> >
> > - Alex
> >
> > At 08:58 PM 11/27/2001 -0500, Andrew Krywaniuk wrote:
> > >Your argument is silly.
> > >
> > >Visa and ATM transactions aren't secure. There are multiple cases where large credit card databases have been compromised (often when an online merchant's website is hacked).
> > ...
> > >
> > >> -----Original Message-----
> > >> From: owner-ipsec@lists.tislabs.com [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Alex Alten
> > >> Sent: Tuesday, November 27, 2001 12:24 PM
> > >> To: Hugo Krawczyk; IPsec WG
> > >> Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
> > >>
> > >> At 01:34 AM 11/27/2001 +0200, Hugo Krawczyk wrote:
> > >> >Everyone agrees that public key is the ONLY way to a scalable Internet-wide protocol. No question about it. In particular, any key-exchange protocol for IPsec MUST provide a PK-based exchange.
> > >>
> > >> No. I STRONGLY disagree. I'll give a counter example. The banking ATM network uses DES keys. It has scaled, in practice, world wide.
> > >>
> > >> And BTW, its security & trust model is excellent. Have you ever heard of a major compromise, say on the scale of 25,000 card #'s being stolen (like with Visa?). Certainly nobody distrusts it because it uses symmetric keys for authentication. In fact I'm certain YOU trust it at least a couple of times a month. :-)
> > >>
> > --
> >
> > Alex Alten
> > Alten@Home.Com
> >
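As an added illustration of the trust-anchor point argued in this thread (example code, not from any of the posters): a toy chain verifier where every link is checked by signature except the root, which is accepted only because it sits in a locally configured anchor store, the same out-of-band act of trust a pre-shared key requires; a raw pinned key with an ID is simply the chain of length one. The Cert format, the names root/ca/host and all function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Cert is a toy certificate for this example: subject, issuer, public key, and the issuer's signature.
type Cert struct{ Subject, Issuer string; Key ed25519.PublicKey; Sig []byte }

// tbs is the to-be-signed encoding: subject, issuer and key, separated by '|'.
func tbs(c Cert) []byte { return append([]byte(c.Subject+"|"+c.Issuer+"|"), c.Key...) }

func issue(subject string, key ed25519.PublicKey, issuer string, priv ed25519.PrivateKey) Cert {
	c := Cert{Subject: subject, Issuer: issuer, Key: key}
	c.Sig = ed25519.Sign(priv, tbs(c))
	return c
}

// VerifyChain checks chain[0] (leaf) up to the last element (root), each link
// against the next link's key. Nobody signs the root: it is accepted only if
// its key sits in the out-of-band anchor store, exactly like a pre-shared key.
func VerifyChain(chain []Cert, anchors map[string]ed25519.PublicKey) error {
	if len(chain) == 0 {
		return errors.New("empty chain")
	}
	for i := 0; i+1 < len(chain); i++ {
		p := chain[i+1]
		if chain[i].Issuer != p.Subject || !ed25519.Verify(p.Key, tbs(chain[i]), chain[i].Sig) {
			return errors.New("bad signature on " + chain[i].Subject)
		}
	}
	root := chain[len(chain)-1]
	if a, ok := anchors[root.Subject]; !ok || !a.Equal(root.Key) {
		return errors.New("root " + root.Subject + " is not a configured trust anchor")
	}
	return nil
}

// Demo verifies root -> ca -> host with the root anchored, with no anchors at all, and as a raw pinned host key.
func Demo() (anchored, unanchored, rawPinned error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	hostPub, _, _ := ed25519.GenerateKey(rand.Reader)
	chain := []Cert{issue("host", hostPub, "ca", caPriv), issue("ca", caPub, "root", rootPriv), issue("root", rootPub, "root", rootPriv)}
	anchored = VerifyChain(chain, map[string]ed25519.PublicKey{"root": rootPub})
	unanchored = VerifyChain(chain, map[string]ed25519.PublicKey{})
	rawPinned = VerifyChain([]Cert{{Subject: "host", Key: hostPub}}, map[string]ed25519.PublicKey{"host": hostPub})
	return
}
```

The self-signed root certificate is built but its own signature is never consulted; only the anchor store decides, which is the sense in which a self-cert "is just a shadow of a pre-shared key".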