[Cryptography] Toxic Combination
alex at alten.org
alex at alten.org
Thu Dec 4 12:37:45 EST 2014
Quoting Peter Gutmann <pgut001 at cs.auckland.ac.nz>:
> Ben Laurie <benl at google.com> writes:
>
> Looking past all the excuses, there is one, and only one, reason why no
> browser supports proper shared secret-based mutual auth: The browser vendors
> don't want to do it.
I agree with you, having designed and built symmetric key systems in
the past for intra-organization use. These type of systems had a
centralized key management (and policy adjudication) server for
maximum automation of secure data/session key distribution, which is
great for things like real-time revocation.
How would you propose going about doing it for a globally scalable system?
- Alex
--
Alex Alten
alex at alten.org
More information about the cryptography
mailing list