> Pairwise shared secrets are just about the only thing that scales worse than > public key distribution by way of PGP key fingerprints on business cards. > > The equivalent of CAs in an all-symmetric world is KDCs. Instead of having > the power to enable an active attack on you today, KDCs have the power > to enable a passive attack on you forever. If we want secure crypto that > can be used by everyone, with minimal trust, public key is the only way to do > it.
I am certainly not going to advocate Internet-scale KDC. But what if the application does not need to scale more than a "network of friends?" -- Christian Huitema _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
