Columbia crypto box

Adam Fields fields at
Mon Feb 10 10:54:14 EST 2003

On Sun, Feb 09, 2003 at 11:34:01PM -0500, Steven M. Bellovin wrote:
> First, there was no key management.  This means that loss of a single 
> unit -- a stolen laptop or a disgruntled (ex-)employee would do -- 
> compromises the entire network, since it's impossible to rekey 
> everything at once in an organization of any size.  For most real-world 
> deployments, this is the most serious weakness.  Furthermore, if there 
> were real key management, the next two problems couldn't have happened.
> This was clearly avoidable.

Practically, what's the right way to do this? You could do it with a
centralized server key that has the ability to broadcast a new shared
key to all clients, but then if the server gets compromised you lose
control of the entire network (possibly true anyway, for different

>From my personal (limited) experience, key management is really
hard. I'm curious about potential solutions to this.

				- Adam

Adam Fields, Managing Partner, fields at
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list