[Cryptography] Opening Discussion: Speculation on "BULLRUN"

[Jerry Leichter]

>> Perhaps it's time to move away from public-key entirely!  We have a classic paper - Needham and Schroeder, maybe? - showing that private key can do anything public key can; it's just more complicated and less efficient.
> 
> Not really. The Needham-Schroeder you're thinking of is the essence of Kerberos, and while Kerberos is a very nice thing, it's hardly a replacement for public key.
> 
> If you use a Needham-Schroeder/Kerberos style system with symmetric key systems, you end up with all of the trust problems, but on steroids....
I don't think we're really in disagreement here.  Much of what you say later in the message is that the way we are using symmetric-key systems (CA's and such), and the way browsers work, are fundamentally wrong, and need to be changed.  And that's really the point:  The system we have is all of a piece, and incremental changes, sadly, can only go so far.  We need to re-think things from the ground up.  And I'll stand by my contention that we need to re-examine things we think we know, based on analyses done 30 years ago.  Good theorems are forever, but design choices apply those theorems to real-world circumstances.  So much has changed, both on the technical front and on non-technical fronts, that the basis for those design choices has fundamentally changed.

Getting major changes fielded in the Internet is extremely difficult - see IPv6.  If it can be done at all, it will take years.  But the alternative of continuing on the path we're on seems less desirable every day.

                                                        -- Jerry