[cryptography] Well, that's depressing. Now what?

ianG iang at iang.org
Thu Feb 2 18:25:45 EST 2012


Hi Bill,

tongue firmly in cheek,


On 1/02/12 05:50 AM, Bill Squier wrote:
> On 01/31/2012 05:21 AM, ianG wrote:
>>
>> major software product that still calls self-signed certificates
>> "snake-oil" certificates. Which is upside down, the use of the term
>> itself can be snake-oil recursively.
>
> That would make it 'Ouroboros oil'.
>
>> Yes, easy. QKD requires hardware. A laser+receiver at each end, fiber in
>> the middle. Software techniques don't impose any hardware costs.
>>
>> QKD is only ever point to point. It can never be end to end. We now have
>> a 1.5 decade experiment that tells us that point to point security is
>> pretty much ... cosmetic for serious purposes.
>
> Now, now. Weren't you just sticking up for self-signed certs?


So, yes, there are other absolute laws in security, such as, there are 
no absolute laws :)

If one has a point to point product in place then one may find that 
self-signed certs will help.  Given the pretty poor integration of such 
products into the overall security model, self-signed may work better 
than other forms simply due to cost-effectiveness.

It all depends.  The environment matters, as you point out below:


> Different applications have different needs. For the foreseeable future, QKD requires dedicated hardware at each end of an unboosted fiber circuit. This is OK! Every system has known limitations.

Oh indeed.  We know, limitations.  Overall delivery?  Any value there?

>> It's like this: in principle, it is possible to imagine a "perfect" link
>> between those two boxes. But, those two boxes aren't customer
>> applications. Pretty much all customer applications are more complex
>> than two end-points and a piece of string between.
>
> There are some fixed point-to-point connections of bicycle distance in the world needing security from fiber-splicing attackers who control the physical key distribution and might also (can't say for sure) secretly have better mathematicians than the rest of the world.

Thank heavens then for the bicycle, as it can carry 50Gb's worth of 
one-time-pad on a single bluray ;-)

> You know what QKD would have been great for?  West Berlin.

lol...   Ooooookay.  So.  We're talking about an environment where they 
shoot people across those distances, just for "sorry, oops" reasons. 
Ever see that film "A Few Good Men"?  Without spoiling the plot, the
lawyers, a bunch of dorks from the safe end of town, turn up at Gitmo and
are given nondescript jackets because "they shoot officers for target 
practice here..."

One thing I wouldn't put much hope in was a line of fiber that was 
within distance of a bunch of trigger-happy foreigners...  If I was the 
foreigner, I'd just cut the fibre, or teach a rat to chew it or 
something (technically called a downgrade attack).

(Historically speaking, you're referring to the people who practically 
invented KD.  QED - Quantum Egg Distribution to grandmas ...)

> With the short block lengths in use back then it probably would make sense to re-key every minute.

For some reason I keep asking myself why they built longer blocks after
they knocked the wall down ... :P

iang


