Strength in Complexity?

Arshad Noor arshad.noor at
Mon Aug 4 13:44:50 EDT 2008

Perry E. Metzger wrote:
> There are existing deployed solutions like Kerberos that scale far
> beyond that and work just fine, and actually address all the things
> this protocol seems to leave as an exercise to the reader. And yes,
> they're in use in real companies at gigantic scales. (Indeed, Kerberos
> is central to Microsoft's technologies these days.)

The example I used was only illustrative.  SKSML allows for 2^64 keys
per server, 2^64 servers per domain and 2^64 unique domains on the
internet.  The GlobalKeyID (GKID) of a key within a Symmetric Key
Management System (SKMS) is defined to be a triple consisting of the
concatenation of the unique domain ID, the server ID and the key ID 
(DID-SID-KID).  So GKID's can range from "1-1-1" all the way upto
"(2^64-1)-(2^64-1)-(2^64-1)"; so it is fairly scalable.

That said, Kerberos clearly has the benefit of 20+ years of research
and use in the field.  However, there are two fundamental differences
between SKSML and Kerberos, IMHO:

1) The design goals for Kerberos were very different from SKSML.  The
    former solves the problem of network-authentication in the face of
    insecure hosts/networks, while the latter focuses on long-term key
    management.  That they both use very similiar concepts & components
    to deliver quite different benefits to applications is testament to
    the strength and flexibility of the underlying components rather
    than to a weakness of SKSML.

2) AFAIK, Kerberos clients cannot deliver their stated benefit (network
    authentication) in the absence of the network or the Kerberos server.
    SKSML is designed to allow disconnected EKMI clients to continue
    providing cryptographic services to applications even in the absence
    of the network or the key-management server.  However, it does
    require that the Symmetric Key Client Library (SKCL) have connected
    to the Symmetric Key Services (SKS) server at least once before it
    can use this capability.

Arshad Noor
StrongAuth, Inc.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list