ietf
[Top] [All Lists]

Re: [saag] Whether TOFU should be considered in secure DHCPv6?

2016-08-31 22:01:41

On Aug 31, 2016, at 10:46 PM, Viktor Dukhovni 
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:

Except for (allegedly) EV certs, the entire Web PKI runs on TOFU,
except that it happens invisibly (swept under the rug) between the
CA and the purported domain owner.

Thus DV certs are TOFU for public consumption, where the CA gets
to regurgitate the same TOFU to feed all the relying parties.

I should perhaps add that the problem with TOFU is not so much
that is especially weak authentication, but rather that is much
too fragile for peering to a large number of peers.

When uses TOFU for SSH to a small set of servers, or to connect
to a small, mostly stable set of networks, it can be a reasonable
fit.  When one uses TOFU with a large dynamic set of peers with
keys relatively frequently becoming stale TOFU, then it becomes
a rather poor user experience, and is counter-productive.

-- 
        Viktor.


<Prev in Thread] Current Thread [Next in Thread>