From: Kerry Bonin Date: Thu, 27 Oct 2005 06:52:57 -0700 To: zooko@zooko.com, "Peer-to-peer development." Subject: Re: [p2p-hackers] P2P Authentication User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) Reply-To: "Peer-to-peer development."

There are only two good ways to provide man-in-the-middle resistant authentication with key repudiation in a distributed system - using a completely trusted out of band channel to manage everything, or use a PKI. I've used PKI for >100k node systems, it works great if you keep it simple and integrate your CRL mechanism - in a distributed system the pieces are all already there! I think some people are put off by the size and complexity of the libraries involved, which doesn't have to be the case - I've got a complete RSA/DSA X.509 compliant cert based PKI (leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++, <30k object code, works great (I'll open that source as LGPL when I deploy next year...) The only hard part about integrating into a p2p network is securing the CA's, and that's more of a network security problem than a p2p problem...

It's great to see this guy showing up yet another of the false dogmas of the crypto hacker community: "PKI can't work". According to this view, only old fogies and tight ass bureaucrats believe in certifying keys. All the cool kids know that the best key is a bare key. After all, MITM attacks never really happen, this was just an invented threat designed to force poor college kids into paying hundreds of dollars a year for a verisign certificate. But when we come into the P2P world things look very different. Where MITM would require special positioning in the old net, in a distributed P2P network, everyone's a MITM! Every key has passed through dozens of hands before you get to see it. What are the odds that nobody's fucked with it in all that time? You're going to put that thing in your mouth? I don't think so. Using certificates in a P2P network is like using a condom. It's just common sense. Practice safe cex! CP