[145668] in cryptography@c2.net mail archive
Re: Has there been a change in US banking regulations recently?
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Aug 16 15:01:33 2010
Date: Sun, 15 Aug 2010 23:33:09 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: eric.lengvenis@wellsfargo.com
Cc: lynn@garlic.com, jon@callas.org, pgut001@cs.auckland.ac.nz,
cryptography@metzdowd.com
In-Reply-To: <6FB650C8B0580345A635730F45C37CEE4ACDB65EAE@MSGCMSV21011.ent.wfb.bank.corp>

On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengvenis@wellsfargo.com wrote:
> There are some possibilities my co-workers and I have discussed. For
> purely internal systems TLS-PSK (RFC 4279) provides symmetric
> encryption through pre-shared keys which provides us with whitelisting
> as well as removing asymmetric crypto. [...]

For purely internal systems Kerberos is really the way to go, mostly
because it's so easy to deploy nowadays.

TLS-PSK is not a useful way of building any but the smallest networks,
and for two reasons: a) there are no agreed PBKDF and password salting
mechanisms, so passwords are out, b) there's no enrolment mechanism, so
PSK setup is completely ad-hoc.

Nico
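
Added example, not part of the original message: a Python sketch of reason (a), showing that endpoints which turn the same password into a PSK with independently chosen salt or iteration count end up with different keys. PBKDF2-HMAC-SHA256, the `PskParams` type, the sample password and salts, and the HMAC-over-nonce check (a stand-in for the handshake's proof of key possession, not real TLS) are all assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class PskParams:
    """Password-to-PSK parameters (hypothetical type); RFC 4279 defines none of them."""
    salt: bytes
    iterations: int
    length: int = 32


def derive_psk(password: str, params: PskParams) -> bytes:
    # PBKDF2-HMAC-SHA256 is this example's choice, not something TLS-PSK specifies.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               params.salt, params.iterations, params.length)


def key_confirmation(psk: bytes, nonce: bytes) -> bytes:
    # Stand-in for proving possession of the PSK during a handshake.
    return hmac.new(psk, nonce, hashlib.sha256).digest()


def handshake_ok(client_psk: bytes, server_psk: bytes) -> bool:
    nonce = os.urandom(16)
    return hmac.compare_digest(key_confirmation(client_psk, nonce),
                               key_confirmation(server_psk, nonce))


def demo() -> dict:
    password = "constructed-example-password"  # constructed sample value
    # The server side enrols the identity with one set of parameters.
    server_params = PskParams(salt=b"srv-salt-0001", iterations=100_000)
    server_psk = derive_psk(password, server_params)
    # Three clients know the same password but pick parameters on their own.
    clients = {
        "same_params": server_params,
        "other_salt": PskParams(salt=b"client-salt", iterations=100_000),
        "other_iterations": PskParams(salt=b"srv-salt-0001", iterations=50_000),
    }
    return {name: handshake_ok(derive_psk(password, p), server_psk)
            for name, p in clients.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17s} handshake {'succeeds' if ok else 'fails'}")
```

Only the client that was handed the server's exact salt and iteration count interoperates, so those values have to be distributed out of band alongside the identity.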