question re practical use of secret sharing
alex at alten.org
alex at alten.org
Fri Jun 22 11:18:51 EDT 2007
> pgut001 at cs.auckland.ac.nz
>
> "D. K. Smetters" <smetters at parc.com> writes:
>
> > However, given the difficulty people have in managing keys in general,
> > building effective systems that allow them to manage key fragments is beyond
> > the range of most current commercial products.
>
> I think that's the perfect summary of the problem with threshold schemes.
> The processes they involve is simply too complex both to model mentally for
> users and to build an interface to.
Heck, even normal key management seems to be too much. Most real world
secure systems I seen have a "leap of faith" aspect to them when distributing
the first key (such as a CA or a login server's public key). Often MITM
scenarios are not properly considered when distributing the session keys/
certificates. Software ease-of-use/automation trumps properly done key
management/user enrollment. It's a pity because often millions of people
start using them before the serious problems start to crop up (like thievery
or illegal wiretapping) and then it's too late to retrofit them properly
(for example Skype seems to have made these types of mistakes).
- Alex
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list