From kerry@vscape.com Fri Jul 6 02:41:23 2018
From: Kerry Bonin
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: [p2p-hackers] P2P Authentication
Date: Fri, 06 Jul 2018 02:41:23 +0000
Message-ID: <172289244543.3881296.11417330326294439368.generated@mail.pglaf.org>

There are only two good ways to provide man-in-the-middle-resistant authentication with key repudiation in a distributed system - use a completely trusted out-of-band channel to manage everything, or use a PKI. I've used PKI for >100k node systems; it works great if you keep it simple and integrate your CRL mechanism - in a distributed system the pieces are all already there! I think some people are put off by the size and complexity of the libraries involved, which doesn't have to be the case - I've got a complete RSA/DSA X.509-compliant cert-based PKI (leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++, <30k object code, works great (I'll open that source as LGPL when I deploy next year...). The only hard part about integrating into a p2p network is securing the CAs, and that's more of a network security problem than a p2p problem...

Kerry

zooko(a)zooko.com wrote:
>>> And if they do, then why reinvent the wheel? Traditional public key
>>> signing works well for these cases.
> ...
>> Traditional public key signing doesn't work well if you want to
>> eliminate the central authority / trusted third party. If you like
>> keeping those around, then yes, absolutely, traditional PKI works
>> swimmingly.
>
> Where is the evidence of this bit about "traditional PKI working"? As far as
> I've observed, traditional PKI works barely for small, highly centralized,
> hierarchical organizations and not at all for anything else. Am I missing some
> case studies of PKI actually working as intended?
>
> Regards,
>
> Zooko
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers(a)zgp.org
> http://zgp.org/mailman/listinfo/p2p-hackers
> _______________________________________________
> Here is a web page listing P2P Conferences:
> http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
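An added example for this thread, not Kerry's code and not the LibTomCrypt-based PKI he describes: the smallest version of "cert-based PKI with the CRL mechanism integrated" that a P2P node could actually run, written against Go's standard library only. A verifying peer accepts another peer only if its X.509 certificate chains to the network's shared CA, its serial number is absent from the latest CA-signed CRL (the key repudiation Kerry refers to), and it signs a fresh nonce with the certified key, so an interposer who relays a genuine certificate but lacks its private key is refused. A CRL that fails signature verification or is past its NextUpdate is treated as untrusted rather than as "nothing revoked", which is the failure mode that turns a revocation mechanism into decoration. The ToyPKI type, the "example-p2p-root" and node names, and the nonce are all constructed for this example.

```go
package main
// Added example for this thread, not Kerry's code: a toy one-CA PKI for a P2P
// network. A verifier accepts a peer only if its X.509 cert chains to the shared
// CA, its serial is absent from the CA-signed CRL (Kerry's "key repudiation") and
// it signs a fresh nonce. Every type, name and sample value here is constructed.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var ErrUntrusted = errors.New("cert or CRL does not verify against the network CA")
var ErrRevoked = errors.New("cert serial is on the current CRL")
var ErrBadSignature = errors.New("peer did not prove possession of the certified key")

// ToyPKI is the shared CA plus the latest CRL a verifying peer holds.
type ToyPKI struct {
	caCert            *x509.Certificate
	caKey             *ecdsa.PrivateKey
	crl               *x509.RevocationList
	nextSN, crlNumber int64
	now               time.Time // injected clock keeps validity checks deterministic
}

// mint generates a P-256 key and a certificate for it; parent == nil means self-signed.
func mint(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	if parent == nil { parent, signer = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewToyPKI creates a root allowed to sign certs and CRLs, then publishes an empty CRL.
func NewToyPKI(now time.Time) (*ToyPKI, error) {
	caCert, caKey, err := mint(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-p2p-root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil { return nil, err }
	p := &ToyPKI{caCert: caCert, caKey: caKey, nextSN: 1, now: now}
	return p, p.PublishCRL()
}

// IssuePeerCert binds nodeID to a fresh key under the CA.
func (p *ToyPKI) IssuePeerCert(nodeID string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	p.nextSN++
	return mint(&x509.Certificate{
		SerialNumber: big.NewInt(p.nextSN), Subject: pkix.Name{CommonName: nodeID},
		NotBefore: p.now.Add(-time.Hour), NotAfter: p.now.Add(12 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}, p.caCert, p.caKey)
}

// PublishCRL signs a CRL of the revoked serials and re-parses it as a receiving peer would.
func (p *ToyPKI) PublishCRL(revoked ...*big.Int) error {
	p.crlNumber++
	tmpl := &x509.RevocationList{Number: big.NewInt(p.crlNumber), ThisUpdate: p.now,
		NextUpdate: p.now.Add(time.Hour)}
	for _, sn := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: sn, RevocationTime: p.now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, p.caCert, p.caKey)
	if err != nil { return err }
	p.crl, err = x509.ParseRevocationList(der)
	return err
}

// SignChallenge is the peer's half of the handshake: sign the verifier's nonce.
func SignChallenge(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// AuthenticatePeer is the verifier's half: chain, then revocation, then possession.
func (p *ToyPKI) AuthenticatePeer(cert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool(); roots.AddCert(p.caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: p.now}); err != nil { return ErrUntrusted }
	// A CRL that is unsigned, forged or stale must never be read as "nothing revoked".
	if p.crl.CheckSignatureFrom(p.caCert) != nil || p.now.After(p.crl.NextUpdate) { return ErrUntrusted }
	for _, rc := range p.crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 { return ErrRevoked }
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], sig) { return ErrBadSignature }
	return nil
}
```

The order of checks in AuthenticatePeer is deliberate: chain first, so a certificate from an unrelated CA is rejected before its serial is even compared against the CRL (serials are only meaningful relative to an issuer); then revocation; then the possession proof, which is what makes the exchange more than a replayable exchange of public documents. Distributing the CRL is the part Kerry says is already present in a distributed system, and this example keeps it as a single value the verifier holds, refreshed by whatever gossip or fetch mechanism the network already has.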