[Cryptography] Toxic Combination

alex at alten.org
Thu Dec 4 12:37:45 EST 2014

Quoting Peter Gutmann <pgut001 at cs.auckland.ac.nz>:

> Ben Laurie <benl at google.com> writes:

> Looking past all the excuses, there is one, and only one, reason why no
> browser supports proper shared secret-based mutual auth: The browser vendors
> don't want to do it.

I agree with you, having designed and built symmetric key systems in  
the past for intra-organization use.  These types of systems had a  
centralized key management (and policy adjudication) server for  
maximum automation of secure data/session key distribution, which is  
great for things like real-time revocation.

How would you propose going about doing it for a globally scalable system?

- Alex

Alex Alten
alex at alten.org
