[cryptography] Well, that's depressing. Now what?

Bill Squier groo at old-ones.com
Tue Jan 31 13:50:01 EST 2012


On 01/31/2012 05:21 AM, ianG wrote:
> 
> major software product that still calls self-signed certificates
> "snake-oil" certificates. Which is upside down, the use of the term
> itself can be snake-oil recursively.

That would make it 'Ouroboris oil'.

> Yes, easy. QKD requires hardware. A laser+receiver at each end fiber in
> the middle. Software techniques don't impose any hardware costs.
> 
> QKD is only ever point to point. It can never be end to end. We now have
> a 1.5 decade experiment that tells us that point to point security is
> pretty much ... cosmetic for serious purposes.

Now, now. Weren't you just sticking up for self-signed certs?

Different applications have different needs. For the foreseeable future, QKD requires dedicated hardware at each end of an unboosted fiber circuit. This is OK! Every system has known limitations.

> It's like this: in principle, it is possible to imagine a "perfect" link
> between those two boxes. But, those two boxes aren't customer
> applications. Pretty much all customer applications are more complex
> than two end-points and a piece of string between.

There are some fixed point-to-point connections of bicycle distance in the world needing security from fiber-splicing attackers who control the physical key distribution and might also (can't say for sure) secretly have better mathematicians than the rest of the world.

You know what QKD would have been great for?  West Berlin.

With the short block lengths in use back then it probably would make sense to re-key every minute.

- Marsh
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography



More information about the cryptography mailing list