[p2p-hackers] P2P Authentication

Kerry Bonin kerry at vscape.com
Thu Oct 27 06:52:57 PDT 2005 

There are only two good ways to provide man-in-the-middle resistant
authentication with key repudiation in a distributed system - using a
completely trusted out of band channel to manage everything, or use a
PKI.  I've used PKI for >100k node systems, it works great if you keep
it simple and integrate your CRL mechanism - in a distributed system the
pieces are all already there!  I think some people are put off by the
size and complexity of the libraries involved, which doesn't have to be
the case - I've got a complete RSA/DSA X.509 compliant cert based PKI
(leveraging LibTomCrypt for crypto primitives) in about 2k lines of C++,
<30k object code, works great (I'll open that source as LGPL when I
deploy next year...)  The only hard part about integrating into a p2p
network is securing the CA's, and that's more of a network security
problem than a p2p problem...

Kerry

zooko at zooko.com wrote:

>>>And if they do, then why reinvent the wheel? Traditional public key
>>>signing works well for these cases.
>>>
>>>
>...
>
>
>> Traditional public key signing doesn't work well if you want to
>>eliminate the central authority / trusted third party.  If you like
>>keeping those around, then yes, absolutely, traditional PKI works
>>swimmingly.
>>
>>
>
>Where is the evidence of this bit about "traditional PKI working"?  As far
>as
>I've observed, traditional PKI works barely for small, highly centralized,
>hierarchical organizations and not at all for anything else.  Am I missing
>some
>case studies of PKI actually working as intended?
>
>Regards,
>
>Zooko
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>
>
>


_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences


----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list