Sam Hartman wrote:
Masataka> Given that CAs of PKI can be compromised as easily as
Masataka> ISPs of the Internet, PKI is merely weakly secure as
Masataka> weakly as the plain Internet.
I'd consider DH a fine strong security mechanism in a number of cases.
DH is, though not strong, pretty secure only *IF* you can securely
identify your peer.
If, for the identification, you use plain DNS or, so called secure
DNS, neither of which is strongly secure, TCP sequence number gives
proper level of security.
Stephen Kent wrote:
The notion of CA compromise and ISP comprise are not completely
comparable, which makes your comparison suspect.
As I already mentioned, social attacks on employees of CAs and
ISPs are equally easy and readily comparable.
Also, the security implications of errors (or sloppiness) by ISPs is
very different from that of CAs, so I don't think your comparison makes
sense in that regard as well.
Given the sloppiness of current DNS management, secure DNS CAs, which
is an PKI, will be no different from that of ISPs.
It hard for you to recognize that most, if not all, of the effort
of IETF security area has been wasted in vain. But that's the
reality.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf