[cryptography] Well, that's depressing. Now what?

Marsh Ray marsh at extendedsubset.com
Tue Jan 31 12:38:49 EST 2012


On 01/31/2012 05:21 AM, ianG wrote:
>
> major software product that still calls self-signed certificates
> "snake-oil" certificates. Which is upside down, the use of the term
> itself can be snake-oil recursively.

That would make it 'Ouroboris oil'.

> Yes, easy. QKD requires hardware. A laser+receiver at each end fiber in
> the middle. Software techniques don't impose any hardware costs.
>
> QKD is only ever point to point. It can never be end to end. We now have
> a 1.5 decade experiment that tells us that point to point security is
> pretty much ... cosmetic for serious purposes.

Now, now. Weren't you just sticking up for self-signed certs?

Different applications have different needs. For the foreseeable future, 
QKD requires dedicated hardware at each end of an unboosted fiber 
circuit. This is OK! Every system has known limitations.

> It's like this: in principle, it is possible to imagine a "perfect" link
> between those two boxes. But, those two boxes aren't customer
> applications. Pretty much all customer applications are more complex
> than two end-points and a piece of string between.

There are some fixed point-to-point connections of bicycle distance in 
the world needing security from fiber-splicing attackers who control the 
physical key distribution and might also (can't say for sure) secretly 
have better mathematicians than the rest of the world.

You know what QKD would have been great for?  West Berlin.

With the short block lengths in use back then it probably would make 
sense to re-key every minute.

- Marsh



More information about the cryptography mailing list