[127457] in cryptography@c2.net mail archive
Re: Strength in Complexity?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat Jul 5 13:22:19 2008
From: Florian Weimer <fw@deneb.enyo.de>
To: Arshad Noor <arshad.noor@strongauth.com>
Cc: Cryptography <cryptography@metzdowd.com>
Date: Sat, 05 Jul 2008 01:57:34 +0200
In-Reply-To: <486A819A.4000300@strongauth.com> (Arshad Noor's message of "Tue,
01 Jul 2008 12:12:26 -0700")
* Arshad Noor:
> The author of an article that appeared in InformationWeek this week
> (June 30, 2008) on Enterprise Key Management Infrastructure (EKMI):
>
> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
>
> states the following:
>
> "There are, of course, obstacles that must still be overcome by EKMI
> proponents. For example, the proposed components are somewhat simple
> by design, which concerns some encryption purists who prefer more
> complex protocols, on the logic that they're more difficult to break
> into."
First of all, a simple SKSML request for a symmetric key is a whopping
77 lines of SOAPWSS/whatever XML; the server response is 62 lines even
without the container. If this is not enough to make every complexity
fanboy happy, I don't know what can do the trick.
On a more serious note, I think the criticism probably refers to the
fact that SKSML does not cryptopgrahically enforce proper key
management. If a participant turns bad (for instance, by storing key
material longer than permitted by the protocol), there's nothing in the
protocol that stops them.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
