Strength in Complexity?

Florian Weimer fw at deneb.enyo.de
Sat Jul 5 14:36:23 EDT 2008


* Arshad Noor:

> I may be a little naive, but can a protocol itself enforce proper
> key-management?  I can certainly see it facilitating the required
> discipline, but I can't see how a protocol alone can enforce it.
> Any examples you can cite where this has been done, would be very
> helpful.

As far as I understand it, you don't actually change protocols, which
means that there's likely no way around this problem.

> The design paradigm we chose for EKMI was to have:
>
> 1) the centralized server be the focal point for defining policy;
> 2) the protocol carry the payload with its corresponding policy;
> 3) and the client library enforce the policy on client devices;
>
> In some form or another, don't all cryptographic systems follow a
> similar paradigm?

No, there are things like digital cash and mental poker which do not
work with a trusted third party.  I think it's even possible to compute
RSA signatures from a split private key in a way that is secure against
byzantine failure (IOW, a certain number of key holders needs to
cooperate to forge a signature or recover the private key).  There's
also quite a bit of research on operations on encrypted databases.

Of course, you cannot actually run an ordinary web shop on top of such
protocols because interfaces to the public and to the processors are
essentially fixed.  Cryptographically securing the middle end seems
rather pointless to me because the public-facing front end is the
component that causes most of the trouble.  (And I'm not fully convinced
that more encryption is the answer to that.)
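
An added illustration of the split-private-key RSA idea mentioned in the reply; it is not code from the original post or from EKMI. It shows only the simplest case, an additive split in which every holder must contribute and a dealer briefly knows the full exponent, not a byzantine-robust threshold scheme; the toy primes and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # full private exponent; exists only at dealing time


def digest(msg: bytes) -> int:
    """Hash the message into Z_N (no padding scheme; illustration only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def split_key(d: int, holders: int) -> list[int]:
    """Additively share d: the shares sum to d modulo PHI."""
    shares = [secrets.randbelow(PHI) for _ in range(holders - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares


def partial_sign(msg: bytes, share: int) -> int:
    """One holder's contribution, computed without seeing other shares."""
    return pow(digest(msg), share, N)


def combine(partials: list[int]) -> int:
    """Multiply partial signatures: h^d1 * h^d2 * ... = h^d mod N."""
    sig = 1
    for part in partials:
        sig = sig * part % N
    return sig


def verify(msg: bytes, sig: int) -> bool:
    """Ordinary RSA verification with the public key (N, E)."""
    return pow(sig, E, N) == digest(msg)


if __name__ == "__main__":
    msg = b"constructed sample message"
    partials = [partial_sign(msg, s) for s in split_key(D, 3)]
    print("all holders:", verify(msg, combine(partials)))
    print("one missing:", verify(msg, combine(partials[:2])))
```

The verifier sees a normal RSA signature and cannot tell that the key was split.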

---------------------------------------------------------------------
The Cryptography Mailing List