[p2p-hackers] P2P Authentication
Kerry Bonin
kerry at vscape.com
Thu Oct 27 13:52:57 UTC 2005
There are only two good ways to provide man-in-the-middle resistant
authentication with key repudiation in a distributed system - using a
completely trusted out-of-band channel to manage everything, or using a
PKI. I've used PKI for >100k node systems, it works great if you keep
it simple and integrate your CRL mechanism - in a distributed system the
pieces are all already there! I think some people are put off by the
size and complexity of the libraries involved, which doesn't have to be
the case - I've got a complete RSA/DSA X.509 compliant cert based PKI
(leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++,
<30k object code, works great (I'll open that source as LGPL when I
deploy next year...) The only hard part about integrating into a p2p
network is securing the CAs, and that's more of a network security
problem than a p2p problem...
Kerry
zooko at zooko.com wrote:
>>>And if they do, then why reinvent the wheel? Traditional public key
>>>signing works well for these cases.
>>>
>...
>
>> Traditional public key signing doesn't work well if you want to
>>eliminate the central authority / trusted third party. If you like
>>keeping those around, then yes, absolutely, traditional PKI works
>>swimmingly.
>
>Where is the evidence of this bit about "traditional PKI working"? As far as
>I've observed, traditional PKI works barely for small, highly centralized,
>hierarchical organizations and not at all for anything else. Am I missing some
>case studies of PKI actually working as intended?
>
>Regards,
>
>Zooko