Re: Is symmetric key distribution equivalent to symmetric key generation?
From: chuckles (chuckleberryfinn_at_gmail.com)
Date: 24 Aug 2005 14:38:03 -0700
thanks for the comments so far. I've been on nights these past few
not much time for posting will post again in the next day or two. If
yas can keep the posts going or at least keep on an eye on this thread
I'll have some more qs in the next day or so.
What is it about key
transport that you find unacceptable? If you can answer that question,
I may be able to help.
To briefly answer this question, I don't think PKIs and X509 in
particular are the way forward. What I like most about DH is the fact
that it doesn't rely on X509 to get the job done. I feel X509
comlpicates matters to a horrible degree while just redifining the
original problems DH faces and adding a whole lot more for good
measure. Oh and as a side note in terms of using asymmetric crypto for
authenticated DH what about signing the generated shared secret key
with your private key and then exchanging your signed copy with the
other side of the protocol? Presuming your public key is available on a
PKI seems like it would kick any MITM's teeth in??
Thanks for all posts so far Alan and Dave,