[Cryptography] Is it time for a revolution to replace TLS?

Guus Sliepen guus at sliepen.org
Thu May 15 09:01:52 EDT 2014


On Thu, May 15, 2014 at 07:11:46AM -0400, Jerry Leichter wrote:

> > Conversely, when one mentions asymmetric keys it
> > is usually associated with a PKI. In case of VPNs, I would argue that
> > the best solution is to have pre-shared public keys; it is much easier
> > to exchange those over public communication channels,
> 
> Sharing a public key over a public channel is meaningful only if you have a way to authenticate that it came from who you think it came from.  That's a problem just as hard as keeping the shared key secret as it's being transmitted.

I don't believe it is as hard. The problem with the shared secret is
that you absolutely need to keep it secret. That requirement is gone
when you exchange public keys. If two people know each other and can
recognize each other's voices, then you can exchange the public keys via
telephone, or just email them to each other and read out the fingerprint
to each other over the phone.

> > and if you use
> > ephemeral Diffie-Hellman key exchange signed with those public keys, you
> > get PFS, something that is not possible with pre-shared symmetric keys.
> 
> That's false.  PFS has a mystique around it, but in fact it's trivial to produce in a symmetric system, as I showed on this list not long ago.

You are right, I myself just fell into the trap of conflating pre-shared
keys with only specific use cases (like in OpenVPN where it is only used
for static keys).

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus at sliepen.org>
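
The out-of-band check described in the message above (email the key, then read the fingerprint over the phone), as an added example that is not part of the original post. The SHA-256 fingerprint format, the armor lines, the sample key bytes and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample: 32 arbitrary bytes standing in for a real public key.
SAMPLE_KEY = bytes(range(32))
_b64 = base64.b64encode(SAMPLE_KEY).decode()
# The same key as it might arrive by email: armored and line-wrapped.
EMAILED = ("-----BEGIN PUBLIC KEY-----\n" + _b64[:20] + "\n" + _b64[20:]
           + "\n-----END PUBLIC KEY-----\n")

def parse_emailed_key(text: str) -> bytes:
    """Decode the key bytes so mail line-wrapping cannot change the fingerprint."""
    lines = [ln.strip() for ln in text.splitlines()]
    body = [ln for ln in lines if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the key bytes, hex, in groups of four for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def normalise(spoken: str) -> str:
    """Drop spacing, colons and case so transcription style does not matter."""
    return "".join(ch for ch in spoken.lower() if ch in "0123456789abcdef")

def verify_received_key(received_key: bytes, spoken_fingerprint: str) -> bool:
    """Accept the emailed key only if the full fingerprint heard by phone matches."""
    expected = normalise(fingerprint(received_key))
    heard = normalise(spoken_fingerprint)
    # Require the whole digest: a match on a short prefix is far easier to forge.
    if len(heard) != len(expected):
        return False
    return hmac.compare_digest(expected, heard)

if __name__ == "__main__":
    key = parse_emailed_key(EMAILED)
    print("read this aloud:", fingerprint(key))
    print("accepted:", verify_received_key(key, fingerprint(SAMPLE_KEY)))
```

The email channel only has to deliver the key intact; the authentication rests entirely on the voice call, which is why the check rejects a partially read fingerprint.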

