RE: KISS for PKIX. (Was: RE:Asymmetric authentication
> From: "Waters, Stephen" <Stephen.Waters@cabletron.com>
>
> As you say, if the Phase1 authentication is based on a poorly kept shared
> (group) key, anything can happen without the need to acquire a device. I
> don't see that a well chosen, unique, well secured pre-shared secret is much
> worse than a certificate though.
If the user is going to have to remember and enter a well chosen, unique
shared secret, then why shouldn't he just remember his private key and
do away with XAUTH?
A private key doesn't have to be kept in a PSE on the pilferable
laptop, it could be typed when the user establishes a connection.
A 160-bit private key is (only) 15 S/KEY words, at 11 bits per word.
1/2 :-)
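The "15 words at 11 bits per word" arithmetic above, worked through as an added example (not code from the thread or from any S/KEY implementation): a 2048-entry dictionary gives 11 bits per word, so a 160-bit key needs ceil(160/11) = 15 words, of which the last carries 5 padding bits. The word list here is a constructed stand-in for the RFC 2289 S/KEY dictionary; the sample key is constructed too. The decoder rejects unknown words and non-zero padding bits, so a mistyped word fails loudly instead of quietly yielding a different key.

```python
"""Pack a 160-bit secret into 11-bit S/KEY-style word indices and back.

Added example, not from the thread.  WORDLIST is a constructed stand-in for
the 2048-word RFC 2289 dictionary; any 2048-entry list shared by both sides
(same index <-> word mapping) behaves the same way.
"""

import math
import secrets

BITS_PER_WORD = 11                                   # log2(2048)
WORDLIST = [f"W{i:04d}" for i in range(2 ** BITS_PER_WORD)]  # constructed stand-in
WORD_TO_INDEX = {w: i for i, w in enumerate(WORDLIST)}
WORD_MASK = (1 << BITS_PER_WORD) - 1


def words_needed(key_bits: int) -> int:
    """Number of 11-bit words needed to carry key_bits bits (ceiling division)."""
    return math.ceil(key_bits / BITS_PER_WORD)


def key_to_words(key: bytes) -> list[str]:
    """Encode a byte string as words.  Bits are consumed MSB-first; the final
    word is zero-padded on the right when the bit length is not a multiple of
    11 (160 bits -> 15 words = 165 bits, the last 5 of them padding)."""
    key_bits = len(key) * 8
    n_words = words_needed(key_bits)
    total_bits = n_words * BITS_PER_WORD
    value = int.from_bytes(key, "big") << (total_bits - key_bits)  # right-pad
    words = []
    for i in range(n_words):
        shift = total_bits - BITS_PER_WORD * (i + 1)
        words.append(WORDLIST[(value >> shift) & WORD_MASK])
    return words


def words_to_key(words: list[str], key_bits: int) -> bytes:
    """Inverse of key_to_words.  The receiver must know key_bits.  An unknown
    word (typo) or non-zero padding bits raises ValueError rather than
    silently producing a different key."""
    if len(words) != words_needed(key_bits):
        raise ValueError("wrong number of words")
    value = 0
    for w in words:
        try:
            value = (value << BITS_PER_WORD) | WORD_TO_INDEX[w.upper()]
        except KeyError:
            raise ValueError(f"unknown word: {w!r}") from None
    pad = len(words) * BITS_PER_WORD - key_bits
    if value & ((1 << pad) - 1):
        raise ValueError("non-zero padding bits: last word mistyped")
    value >>= pad
    return value.to_bytes(key_bits // 8, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(20)        # constructed 160-bit sample key
    words = key_to_words(key)
    print(len(words), "words:", " ".join(words))
    assert words_to_key(words, 160) == key
```

The receiver has to know the key length out of band (here 160 bits) to strip the padding; with a real S/KEY dictionary the word strings would differ but the word count and padding layout are identical.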