[146639] in cryptography@c2.net mail archive

Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"

daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Sep 6 02:40:27 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <C16B1354-AEE4-4599-A32C-8C994F7F2D13@callas.org>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Fri, 6 Sep 2013 01:19:10 -0400
To: Jon Callas <jon@callas.org>
Cc: Jerry Leichter <leichter@lrw.com>,
	"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
	Jon Callas <jon@callas.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

I don't see what problem would actually be solved by dropping public key crypto in favor of symmetric only designs.  I mean, if the problem is that all public key systems are broken, then yeah, we will have to do something else.  But if the problem is bad key generation or bad implementations, those will be with us even after we abandon all the public key stuff.  And as Jon said, the trust problems get harder, not easier.  With only symmetric crypto, whoever acts as the introducer between Alice and Bob can read their traffic passively and undetectably.  With public key crypto, the introducer can do a man in the middle attack (an active attack) and risks detection, as Alice and Bob now have things signed by the introducer associating the wrong keys with Bob and Alice, respectively.  

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
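
The asymmetry described in the message above, as an added example that is not part of the original post: with a signing introducer, a binding of Bob's name to the wrong key is itself verifiable evidence, while a symmetric introducer that keeps the session key leaves Alice and Bob holding exactly what an honest one would. All names, keys and the toy unpadded RSA parameters are constructed assumptions and are not secure.

```python
import hashlib
import hmac

# Toy textbook RSA (constructed, NOT secure): two Mersenne primes, no padding.
# It only stands in for "the introducer signs a name-to-key binding".
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # introducer's private exponent

def digest(name: str, key: bytes) -> int:
    """Hash of the binding, reduced into the RSA modulus."""
    h = hashlib.sha256(name.encode() + b"\0" + key).digest()
    return int.from_bytes(h, "big") % N

def introducer_sign(name: str, key: bytes) -> dict:
    """Introducer certifies that `key` belongs to `name`."""
    return {"name": name, "key": key, "sig": pow(digest(name, key), D, N)}

def cert_valid(cert: dict) -> bool:
    """Anyone holding the introducer's public key (N, E) can check this."""
    return pow(cert["sig"], E, N) == digest(cert["name"], cert["key"])

def misbinding_evidence(cert: dict, real_key: bytes) -> bool:
    """True when the introducer's valid signature covers a key that is not
    the owner's real key: proof that can be shown to third parties."""
    return cert_valid(cert) and not hmac.compare_digest(cert["key"], real_key)

def symmetric_view(introducer_keeps_copy: bool):
    """What Alice and Bob hold after a symmetric-only introduction."""
    session_key = hashlib.sha256(b"constructed session key").digest()
    introducer_copy = session_key if introducer_keeps_copy else None
    return {"alice": session_key, "bob": session_key}, introducer_copy

if __name__ == "__main__":
    bob_real = b"bob-real-public-key (constructed)"
    honest = introducer_sign("bob", bob_real)
    wrong = introducer_sign("bob", b"substituted-key (constructed)")
    # Alice and Bob compare keys out of band and check the certs they hold.
    print("honest cert is evidence:", misbinding_evidence(honest, bob_real))
    print("wrong cert is evidence: ", misbinding_evidence(wrong, bob_real))
    # Symmetric case: the parties' view is identical either way.
    print("symmetric views equal:  ",
          symmetric_view(True)[0] == symmetric_view(False)[0])
```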
