7 Apr 2011 06:25
Passwords. Re: IETF 80: The future of PKIX certificate enrollment protocols
Anders Rundgren <anders.rundgren <at> telia.com>
2011-04-07 04:25:15 GMT
On 2011-04-07 05:58, Peter Gutmann wrote:
> Stephen Kent <kent <at> bbn.com> writes:
>
>> pre-shared keys/passwords do not scale well,
>
> "... and we'll keep asserting this until you cry Uncle, dammit!".
> PSKs/passwords are the basis of the most complex, scalable systems ever
> designed. Just one of these, Facebook, has half a billion users using
> non-scalable PSKs, and exactly zero using scalable PKI. Gmail, Yahoo, Youtube,
> Flickr, all of these operate on a planetary scale using non-scalable PSKs. So
> could I make the following modest suggestion, whenever someone wants to say
> "PSKs don't scale", could they either qualify it with "... beyond planetary
> scale" or alternatively "... and I'll keep asserting this while saying
> LALALALALAI'MNOTLISTENING until you go away".
>

It is possible that you guys are talking about different things.

If containers should be capable of authenticating themselves it seems that PSKs would be a very stupid (non-scalable) solution. For users and operators that in some way invoke the enrollment process, a one-time/short-lived password is entirely appropriate.

However, building on non-standard (generally implemented) TLS variants is not what I would do.

Anders

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix