Columbia crypto box
Adam Fields
fields at surgam.net
Mon Feb 10 10:54:14 EST 2003
On Sun, Feb 09, 2003 at 11:34:01PM -0500, Steven M. Bellovin wrote:
> First, there was no key management. This means that loss of a single
> unit -- a stolen laptop or a disgruntled (ex-)employee would do --
> compromises the entire network, since it's impossible to rekey
> everything at once in an organization of any size. For most real-world
> deployments, this is the most serious weakness. Furthermore, if there
> were real key management, the next two problems couldn't have happened.
> This was clearly avoidable.
Practically, what's the right way to do this? You could do it with a
centralized server key that has the ability to broadcast a new shared
key to all clients, but then if the server gets compromised you lose
control of the entire network (possibly true anyway, for different
reasons).
>From my personal (limited) experience, key management is really
hard. I'm curious about potential solutions to this.
--
- Adam
-----
Adam Fields, Managing Partner, fields at surgam.net
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
http://www.adamfields.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list