[146667] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Fri Sep 6 13:26:06 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <C16B1354-AEE4-4599-A32C-8C994F7F2D13@callas.org>
Date: Fri, 6 Sep 2013 07:28:41 -0400
To: Jon Callas <jon@callas.org>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
Peter Gutmann <pgut001@cs.auckland.ac.nz>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
>> Perhaps it's time to move away from public-key entirely! We have a classic paper - Needham and Schroeder, maybe? - showing that private key can do anything public key can; it's just more complicated and less efficient.
>
> Not really. The Needham-Schroeder you're thinking of is the essence of Kerberos, and while Kerberos is a very nice thing, it's hardly a replacement for public key.
>
> If you use a Needham-Schroeder/Kerberos style system with symmetric key systems, you end up with all of the trust problems, but on steroids....
I don't think we're really in disagreement here. Much of what you say later in the message is that the way we are using symmetric-key systems (CA's and such), and the way browsers work, are fundamentally wrong, and need to be changed. And that's really the point: The system we have is all of a piece, and incremental changes, sadly, can only go so far. We need to re-think things from the ground up. And I'll stand by my contention that we need to re-examine things we think we know, based on analyses done 30 years ago. Good theorems are forever, but design choices apply those theorems to real-world circumstances. So much has changed, both on the technical front and on non-technical fronts, that the basis for those design choices has fundamentally changed.
Getting major changes fielded in the Internet is extremely difficult - see IPv6. If it can be done at all, it will take years. But the alternative of continuing on the path we're on seems less desirable every day.
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography