[146805] in cryptography@c2.net mail archive
Re: [Cryptography] Why prefer symmetric crypto over public key
daemon@ATHENA.MIT.EDU (Christian Huitema)
Sun Sep 8 02:54:32 2013
X-Original-To: cryptography@metzdowd.com
From: "Christian Huitema" <huitema@huitema.net>
To: "'John Kelsey'" <crypto.jmk@gmail.com>
In-Reply-To: <812F88A8-67F3-486A-A01F-AFDF5BF4B285@gmail.com>
Date: Sat, 7 Sep 2013 20:06:53 -0700
Cc: 'Crypto' <cryptography@metzdowd.com>, 'Jon Callas' <jon@callas.org>,
"'Naif M. Otaibi'" <otaibinm@gmail.com>, 'Jaap-Henk Hoepman' <jhh@cs.ru.nl>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> Pairwise shared secrets are just about the only thing that scales worse than public key distribution by way of PGP key fingerprints on business cards. > The equivalent of CAs in an all-symmetric world is KDCs. Instead of having the power to enable an active attack on you today, KDCs have the power
> to enable a passive attack on you forever. If we want secure crypto that can be used by everyone, with minimal trust, public key is the only way to do it.
I am certainly not going to advocate Internet-scale KDC. But what if the application does not need to scale more than a "network of friends?"
-- Christian Huitema
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography