Cryptography Reference
are often preinstalled in users' Web browsers. This asymmetric set-up — the server
is authenticated but the user is not — is acceptable since the user is typically the one
who provides crucial information such as her credit card number. A comprehensive
introduction to the large field of PKI and certificates is given in [2]. An
interesting and entertaining discussion about the alleged shortcomings of PKI is given
in [74], and an equally instructive rebuttal is online at [107].
We introduced certificates and a public-key infrastructure as the main method
for authenticating public keys. Such hierarchically organized certificates are only one
possible approach, though it is the most widely used one. Another concept is the
web of trust, which relies entirely on trust relationships between parties. The idea is
as follows: If Alice trusts Bob, it is assumed that she also wants to trust all other
users whom Bob trusts. This means that every party in such a web of trust implicitly
trusts parties whom it does not know (or has never met before). The most popular
examples of such a system are Pretty Good Privacy (PGP) and GNU Privacy Guard
(GPG), which are widely used for signing and encrypting emails.
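The transitive rule described above can be traced over a small trust graph. The following is an added example, not code from the text: it models only the simplified rule of this paragraph, the names and trust edges are constructed sample data, and max_hops is a hypothetical policy parameter that bounds how long a trust chain may become.

```python
from collections import deque

# Constructed sample data: who has directly declared trust in whom.
DIRECT_TRUST = {
    "alice": ["bob"],
    "bob": ["carol", "dave"],
    "carol": ["erin"],
    "dave": [],
    "erin": ["frank"],
    "frank": ["alice"],    # cycle back to the root
    "mallory": ["alice"],  # trusting Alice does not make Alice trust Mallory
}


def trust_paths(graph, root, max_hops=None):
    """Return {party: chain of names from root to party} for every party
    that root trusts under the rule "I trust whoever my trusted parties
    trust". max_hops (hypothetical policy knob) bounds the chain length;
    None means unbounded transitivity, as in the rule stated in the text."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        hops_so_far = len(paths[current]) - 1
        if max_hops is not None and hops_so_far >= max_hops:
            continue  # chain is already as long as the policy allows
        for trusted in graph.get(current, []):
            if trusted not in paths:  # first visit is the shortest chain; also stops cycles
                paths[trusted] = paths[current] + [trusted]
                queue.append(trusted)
    del paths[root]
    return paths


def implicit_only(graph, root, max_hops=None):
    """Parties root ends up trusting without having vouched for them directly."""
    direct = set(graph.get(root, []))
    return sorted(p for p in trust_paths(graph, root, max_hops) if p not in direct)


if __name__ == "__main__":
    for party, chain in trust_paths(DIRECT_TRUST, "alice").items():
        print(f"{party:6} via {' -> '.join(chain)}")
    print("implicit:", implicit_only(DIRECT_TRUST, "alice"))
    print("implicit, max 2 hops:", implicit_only(DIRECT_TRUST, "alice", max_hops=2))
```

Recording the chain for each party makes it possible to audit why a given key holder is trusted, and the hop limit shows how quickly the set of implicitly trusted strangers shrinks once chains are bounded.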
13.5 Lessons Learned
- A key transport protocol securely transfers a secret key to other parties.
- In a key agreement protocol, two or more parties negotiate a common secret key.
- In most common symmetric protocols, the key exchange is coordinated by a trusted third party. A secure channel between the third party and each user is only required at set-up time.
- Symmetric key establishment protocols do not scale well to networks with large numbers of users, and they typically provide no perfect forward secrecy.
- The most widely used asymmetric key establishment protocol is the Diffie-Hellman key exchange.
- All asymmetric protocols require that the public keys are authenticated, e.g., with certificates. Otherwise man-in-the-middle attacks are possible.