[Cryptography] Is it time for a revolution to replace TLS?

Jerry Leichter leichter at lrw.com
Wed May 14 06:47:10 EDT 2014


On May 13, 2014, at 9:59 PM, Tom Mitchell <mitch at niftyegg.com> wrote:
> ...I do see a growing need for VPN services where
> preshared keys are necessary to connect....
For years now, "pre-shared keys" has been mainly a phrase of derision.  WPA with pre-shared keys is what unsophisticated end-users deploy - professionals use "enterprise-level" security.  Pre-shared keys are fine for toys, but they "don't scale".  Pre-shared keys are 1940's cryptography.

I've argued here before that the solution to many asymmetric cryptosystem/PKI problems is *not to use asymmetric cryptosystems/PKI's*.  Yes, there are use cases where you need them.  But there are plenty where you don't.  VPN's are a great example:  Just how often do you need to connect to a VPN without having a trust relationship with whatever is behind that VPN and the opportunity to safely pre-share keys?

If door locks were designed along the same principles, you wouldn't need to carry keys in your pocket - after all, there are so many doors you might need to unlock, so many keys you have to carry.  Just use a PKI system to establish who you are and who the house belongs to and let The System determine if the door should open for you.

It'd certainly be simpler to have one, global, uniform, secure solution to all communications problems.  If only such a thing existed!  But it doesn't, and won't - not unless you're willing to ignore all the cracks and breaks and holes and agree that it's "best practice" even though "best practice" just doesn't work.
                                                        -- Jerry


