[kerry at vscape.com: Re: [p2p-hackers] P2P Authentication]
Eugen Leitl
eugen at leitl.org
Thu Oct 27 10:09:33 EDT 2005
----- Forwarded message from Kerry Bonin <kerry at vscape.com> -----
From: Kerry Bonin <kerry at vscape.com>
Date: Thu, 27 Oct 2005 06:52:57 -0700
To: zooko at zooko.com, "Peer-to-peer development." <p2p-hackers at zgp.org>
Subject: Re: [p2p-hackers] P2P Authentication
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
Reply-To: "Peer-to-peer development." <p2p-hackers at zgp.org>
There are only two good ways to provide man-in-the-middle resistant
authentication with key repudiation in a distributed system - using a
completely trusted out of band channel to manage everything, or use a
PKI. I've used PKI for >100k node systems, it works great if you keep
it simple and integrate your CRL mechanism - in a distributed system the
pieces are all already there! I think some people are put off by the
size and complexity of the libraries involved, which doesn't have to be
the case - I've got a complete RSA/DSA X.509 compliant cert based PKI
(leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++,
<30k object code, works great (I'll open that source as LGPL when I
deploy next year...) The only hard part about integrating into a p2p
network is securing the CA's, and that's more of a network security
problem than a p2p problem...
Kerry
zooko at zooko.com wrote:
>>>And if they do, then why reinvent the wheel? Traditional public key
>>>signing works well for these cases.
>>>
>>>
>...
>
>
>> Traditional public key signing doesn't work well if you want to
>>eliminate the central authority / trusted third party. If you like
>>keeping those around, then yes, absolutely, traditional PKI works
>>swimmingly.
>>
>>
>
>Where is the evidence of this bit about "traditional PKI working"? As far
>as
>I've observed, traditional PKI works barely for small, highly centralized,
>hierarchical organizations and not at all for anything else. Am I missing
>some
>case studies of PKI actually working as intended?
>
>Regards,
>
>Zooko
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>
>
>
_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20051027/5ff29689/attachment.pgp>
More information about the cryptography
mailing list