Strength in Complexity?
Florian Weimer
fw at deneb.enyo.de
Fri Jul 4 19:57:34 EDT 2008
* Arshad Noor:
> The author of an article that appeared in InformationWeek this week
> (June 30, 2008) on Enterprise Key Management Infrastructure (EKMI):
>
> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
>
> states the following:
>
> "There are, of course, obstacles that must still be overcome by EKMI
> proponents. For example, the proposed components are somewhat simple
> by design, which concerns some encryption purists who prefer more
> complex protocols, on the logic that they're more difficult to break
> into."
First of all, a simple SKSML request for a symmetric key is a whopping
77 lines of SOAPWSS/whatever XML; the server response is 62 lines even
without the container. If this is not enough to make every complexity
fanboy happy, I don't know what can do the trick.
On a more serious note, I think the criticism probably refers to the
fact that SKSML does not cryptopgrahically enforce proper key
management. If a participant turns bad (for instance, by storing key
material longer than permitted by the protocol), there's nothing in the
protocol that stops them.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list