[Cryptography] Is it time for a revolution to replace TLS?
Guus Sliepen
guus at sliepen.org
Thu May 15 04:24:01 EDT 2014
On Wed, May 14, 2014 at 06:47:10AM -0400, Jerry Leichter wrote:
> For years now, "pre-shared keys" has been mainly a phrase of derision. WPA with pre-shared keys is what unsophisticated end-users deploy - professionals use "enterprise-level" security. Pre-shared keys are fine for toys, but they "don't scale". Pre-shared keys are 1940's cryptography.
>
> I've argued here before that the solution to many asymmetric cryptosystem/PKI problems is *not to use asymmetric cryptosystems/PKI's*. Yes, there are use cases where you need them. But there are plenty where you don't. VPN's are a great example: Just how often do you need to connect to a VPN without having a trust relationship with whatever is behind that VPN and the opportunity to safely pre-share keys?
Usually when one says "pre-shared key" one means a key for a symmetric
cipher. However, the problem with those is that they are supposed to be
kept secret, and that means it is hard to pre-share them over public
communication channels. Conversely, when one mentions asymmetric keys it
is usually associated with a PKI. In case of VPNs, I would argue that
the best solution is to have pre-shared public keys; it is much easier
to exchange those over public communication channels, and if you use
ephemeral Diffie-Hellman key exchange signed with those public keys, you
get PFS, something that is not possible with pre-shared symmetric keys.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.org>
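
The exchange described in the message above, as an added example that is not part of the original post or of any project's code. It assumes Ed25519 for the pre-shared public keys, X25519 for the ephemeral Diffie-Hellman keys and SHA-256 for key derivation; all function names are hypothetical.

```javascript
// Added example; algorithm choices and names are assumptions, not from the post.
const crypto = require('node:crypto');

// Long-term signing key pair. Only publicKey is pre-shared, and it need not be secret.
const newIdentity = () => crypto.generateKeyPairSync('ed25519');

// Per session: a fresh X25519 key pair whose public half is signed by the long-term key.
function makeOffer(identity) {
  const eph = crypto.generateKeyPairSync('x25519');
  const pub = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { eph, msg: { pub, sig: crypto.sign(null, pub, identity.privateKey) } };
}

// Check the peer's signature against its pre-shared public key, then derive the session key.
function deriveKey(myOffer, peerMsg, peerPresharedPub) {
  if (!crypto.verify(null, peerMsg.pub, peerPresharedPub, peerMsg.sig)) {
    throw new Error('ephemeral key is not signed by the pre-shared public key');
  }
  const peerPub = crypto.createPublicKey({ key: peerMsg.pub, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: myOffer.eph.privateKey, publicKey: peerPub });
  // Bind the key to both ephemeral public keys, sorted so both sides hash the same bytes.
  const transcript = [myOffer.msg.pub, peerMsg.pub].sort(Buffer.compare);
  return crypto.createHash('sha256').update(shared).update(Buffer.concat(transcript)).digest();
}

// One session between two parties that hold each other's pre-shared public keys.
function session(a, b) {
  const offerA = makeOffer(a), offerB = makeOffer(b);
  const keyA = deriveKey(offerA, offerB.msg, b.publicKey);
  const keyB = deriveKey(offerB, offerA.msg, a.publicKey);
  // The ephemeral private keys are dropped on return; the long-term keys only ever signed.
  return { keyA, keyB };
}

function demo() {
  const alice = newIdentity(), bob = newIdentity(), mallory = newIdentity();
  const s1 = session(alice, bob), s2 = session(alice, bob);
  let rejected = false;
  try {
    // Mallory signs her own ephemeral key, but Alice checks it against Bob's public key.
    deriveKey(makeOffer(alice), makeOffer(mallory).msg, bob.publicKey);
  } catch (e) { rejected = true; }
  return {
    agree: s1.keyA.equals(s1.keyB) && s2.keyA.equals(s2.keyB),
    freshPerSession: !s1.keyA.equals(s2.keyA),
    impostorRejected: rejected,
  };
}

console.log(demo());
```

Because each session key depends on ephemeral private keys that are discarded, a later leak of a long-term signing key does not expose keys from earlier sessions.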