I have a feeling that you call a set of software/hardware
to handle certs a PKI.
The problem for such PKI is that, if we have certs based on
existing trust (e.g. I trust some organization has an authority
to issue passports) relationships, we can exchange a shared secret
using the relationships so that we don't need any public keys.
In principle, yes, but in practice it is preferable to use public keys
for a variety of security reasons,
In practice, I see no security reason not to use shared key
cryptography. See below about the practice of the cases
you choose (passports, frequent traveller cards, etc.)
not to mention the existence of a lot
of software that can make use of certs and public keys.
I'm afraid you are saying we should have PKI because we have PKI.
This is what happens in the physical world with most physical
credentials: passports, frequent traveller cards, etc.
Our trust relationships in these cases are so strong that we
can be delivered not only PINs (shared secret) but also physical
Yes, but it is cheaper to issue credentials in the form of certs and
avoid postage and related physical credential costs.
In all (passports and frequent traveller cards) cases, it is
required that applicants physically contact authorities.
In Japan, and maybe in other countries, use of material mail is
inevitable to get a passport, because it is the way to confirm the
addresses of applicants.
One can pick up frequent traveller cards, at least paper ones, at
Also, PINs are
meant to be remembered by users and thus are more vulnerable to guessing
than key pairs. So we have to put into place attack monitoring and
response schemes, e.g., locking down an account after N bad login
attempts, which creates DoS opportunities! So there are many reasons to
prefer PKI here, although there are downsides too.
Here, we are talking about physical credentials optionally accompanied
by PINs. So, long PINs may be securely stored in the physical
credentials (maybe with additional short PINs to activate the physical
credentials, which is also the case for devices storing secret keys of
public key cryptography). DoS is to steal the physical credentials.
The next question is, are one, two or millions of PKIs worth having?
I don't think they are.
I don't know how many we need. But, when I look in my travel bag I see
about 30+ paper and plastic credentials, all of which could be turned
into certs under the right circumstances, without creating new "trusted"
I think we can, at least, agree that we need no "new trusted
organizations" or commercial CAs.
and with the benefit of greater security and less bulk
(bits are thin and lightweight!).
That you have paper and plastic credentials means that you don't
need much security.
That you have an IC card containing 30+ secret keys activated with
a short PIN does not mean so much security. What do you think about
an IC card that erases all the secret information after N bad PINs, which
creates DoS opportunities?