Re: New Method for Authenticated Public Key Exchange without Digital Certificates

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 08/06/04 

Date: Thu, 05 Aug 2004 17:05:10 -0600

amicrypt@amishare.com (Allen Pulsifer) writes:
> Enclosed is a paper discussing a new method to authenticate the
> exchange of public keys without using digital certificates. The
> protocol has one step involving human intervention, specifically, it
> requires human operators to verify the identity of one another and
> compare two short strings.
>
> The primary use for this protocol would be to bootstrap a secure
> channel. Remarkably, we have found no papers or documented
> protocols on how to achieve this.

no documented protocols for secure key exchange or no documented
protocols for secure public key exchange.

in general there is a lot written on secure or out-of-band channels
for secure key exchange ... mostly having to do with symmetric keys.
i just finished some comments (in another n.g.) about asymmetric
vis-a-vis symmetric with regard to this subject:
http://www.garlic.com/~lynn/subtopic.html#47

the issue for symmetric key exchange is both hiding the keys and can
the exchange be trusted ... while asymmetric key exchange may
eliminate hiding the keys ... but doesn't eliminate the problem.

In fact, all the root trust keys ... even in PKI & digital
certificates paradigm have this issue ... however, frequently they
leave the issue of how the environment is initially populated with the
initial root trust keys as an exercise for the student (or it is taken
for granted as magically happening).

at its simplest ... one could claim that the whole PGP environment
implements such an infrastructure ... the ability to perform public
key exchange w/o requiring certificates from certification authorities
trust roots.

as an aside ... i've long advocated "naked" public keys and that
certificates frequently are redundant and superfluous. 

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Relevant Pages

  • Re: Which is the Fastest (Secure) Way to Exchange 256-bit Keys?
    ... I need a fast way to exchange 256-bit keys, which I would be using in ... Max possible throughput on General Purpose PCs? ... Communication latencies are so much longer than computation times that ...
    (sci.crypt)
  • RE: IKE Security Error in Performance Log
    ... "James Yeomans BSc, MCSE" wrote: ... pre-shared keys they both have. ... I recieved this error a coulple of days ago regarding IKE Security. ... Mode: Key Exchange Mode (Main ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook 2003 - RPC over HTTP
    ... I am all done with the server and am ready to test. ... >> Open Exchange System Manager and go to the server object. ... >> Verify that the following keys have been created in the registry on Exchange ... >> specified default ports for RPC over HTTP Proxy inside the corporate ...
    (microsoft.public.outlook.general)
  • Re: W2K and CE key exchange?
    ... What keys do you want to exchange? ... You can export the certificates/public keys into .cer x509 files. ... "Frank Perry" wrote in message ... > How can I exchange keys between a Windows 2000 machine and a ...
    (microsoft.public.platformsdk.security)
  • Re: PKI: the end
    ... that one of the keys is consistently kept private and the other ... How does PKI infer 3-factor? ... What's with the "business process" terminology? ... > case of domain name SSL certificates, ...
    (sci.crypt)