On Thu, February 9, 2017 10:49 am, Eliot Lear wrote:
>
>
> On 2/9/17 4:45 PM, Derek Atkins wrote:
>> Hi,
>>
>> "Panos Kampanakis (pkampana)" <pkamp...@cisco.com> writes:
>>
>>> I am not saying symmetric keys are better than public key auth.
>>> I am saying that applying an 80-bit security level (RSA/DSA1024) today
>>> offers a false sense of security. You might as well not authenticate
>>> the messages.
>> I disagree. I think in many cases an 80-bit asymmetric signature is
>> better than a 128 (or even 256-bit) group-symmetric scheme, precisely
>> because with the symmetric scheme you only need to acquire the group key
>> from one node, which means you can attack ANY node, whereas with the
>> asymmetric scheme you MUST attack the signing node (which can have
>> better defenses).
>
> It can, Derek, but it might not. Think light switch or doorbell button.
Sure, but it's still a single point of attack versus attacking *any member
of the group*. I.e., you have to direct the attack at the signing entity,
which, as we seem to agree, *could* have better/stronger protections than
the *weakest* member of the group.
This isn't perfect, but it's still IMHO a step in the right direction.
"The Perfect is the enemy of the Good Enough"
> Eliot
-derek
--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
