1 outline for 1 hr seminar talk to CS/security academics
3 - key-based authentication is here to stay. (e.g. https, ssh).
6 - raises key management/distribution issues
8 - what PKIs are available? X.509, OpenPGP, SPKI
10 - social vulnerabilities - single-signer vs. multi-signer
12 - protocol vulnerabilities - single cert vs. multi-cert (server
15 - utility for group-internal work, phased approach to public
19 Stream-based communications over the public network have an
20 authentication problem. Most data streams are not authenticated in
21 either direction, and most of those that are authenticated in at least
22 one direction use authentication regimes which suffer from a range of
23 known structural problems.
25 Public-key-based authentication offers security advantages over
26 shared-secret approaches, but it introduces additional questions of
27 key distribution, binding, and revocation. Two common solutions to
28 these problems on today's network are X.509 certificates (used by TLS
29 connections like HTTPS) and so-called "key continuity management"
30 (KCM) (used by popular SSH implementations and the "security
31 exceptions" interface for some web browsers). Both of these schemes
32 present security concerns of their own: KCM has trouble with initial
33 contact, key revocation, and re-keying; and X.509's single-issuer
34 certificate format has a systemic bias that selects for unaccountable
35 third-party authorities. New work ("the Monkeysphere") extends the
36 OpenPGP Web of Trust into authenticating stream-based communications
37 (instead of its traditional message-based environment of e-mails and
38 files) by means of a protocol-independent overlay. As a simple,
39 alternative PKI, the Monkeysphere resolves these failings, and also
40 provides features currently only available as protocol extensions
projects / monkeysphere.git / blob