Re: Why are secure web pages are so !@#$%^&*()_ slow


EKR (ekr@rtfm.com)
14 Jan 1999 22:38:36 -0800


"James A. Donald" <jamesd@echeque.com> writes:

> --
> At 09:05 AM 1/14/99 -0800, EKR wrote:
> > James, I think you're missing David's point here. I'll try
> > to rephrase.
> >
> > A short shared secret like a PIN is too small to use alone,
> > either for purposes of authentication or MEK
>
> You are missing my point: That it is used for
> authentication, and it should not be.

Given that your previous message said:

   But if we have a shared secret, then in principle we do not
   need PK, and if we have permanent public keys, we do not need
   a four digit shared secret.

I think it's easy to see how I might have gotten a different
impression. This is the statement to which I am referring, and
it is wrong. The shared secrets we currently have are not suitable
for any security purpose without public key augmentation.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
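
The point in the message above about short shared secrets, as an added example that is not part of the original post or thread: a four-digit PIN used alone as the key in a challenge-response exchange can be checked offline against one observed exchange, whereas inside a channel protected by the server's public key every guess has to go to the verifier and can be limited. The HMAC-based protocol, the function names, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

PIN_DIGITS = 4  # assumption: the four-digit shared secret mentioned in the thread


def respond(pin: str, challenge: bytes) -> bytes:
    """PIN-only challenge-response: the PIN is the sole MAC key."""
    return hmac.new(pin.encode(), challenge, hashlib.sha256).digest()


def candidates_matching(challenge: bytes, response: bytes) -> list:
    """Check every possible PIN offline against one observed exchange."""
    space = (f"{n:0{PIN_DIGITS}d}" for n in range(10 ** PIN_DIGITS))
    return [p for p in space
            if hmac.compare_digest(respond(p, challenge), response)]


def online_guess_success(max_attempts: int) -> float:
    """Chance of guessing a uniformly random PIN when the exchange is hidden
    inside an encrypted, server-authenticated channel, so each guess must be
    sent to the verifier, which locks out after max_attempts wrong tries."""
    return min(max_attempts, 10 ** PIN_DIGITS) / 10 ** PIN_DIGITS


if __name__ == "__main__":
    # Constructed sample exchange, as it would appear on an unprotected wire.
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    response = respond("4821", challenge)
    print("PINs consistent with the transcript:",
          candidates_matching(challenge, response))
    print("Success chance with a 3-try lockout:", online_guess_success(3))
```
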



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:03