distribution of public keys
1.public announcement:
convenience
weakness: anyone can forge a public announcement
2.publicly available directory:
{name,public key}
registration must be done in person
or over secure authenticated communication
3.public key authority:
Tighter control
fig 10.3
step1 :request||Time1 (a->public-key authority)
step2 :Ekr[Kub||request||Time1] (public-key authority->a)
step3 :Ekub[IDa||N1] (a->b)
step4 :request||time2 (b->public-key authority)
step5 :Ekr[Kua||request||time2] (public-key authority->b)
step6 :Ekua[n1||n2] (b->a)-|
step7 :Ekub[n2] (a->b)-|----desirable, not required
4.public-key certificate
exchange key without contacting public-key authority
fig 10.4
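beforehand, a and b each give the certificate authority their public keys
the certificate authority generates Ca=Ekr[Time1,IDa,Kua]
and Cb=Ekr[time2,IDb,Kub] respectively
a and b then exchange these certificates with each other
(time is the validity period, so a digital signature is not needed)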
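An added example (not part of the original notes) of the fig 10.4 check: the certificate authority builds C = Ekr[Time, ID, Ku] and the receiver verifies it using only the authority's public key. The toy key, the modelling of Ekr as a textbook RSA private-key operation over a SHA-256 digest, and the names `issue`, `verify`, `demo` and `MAX_AGE` are assumptions made for illustration.

```python
import hashlib

# Constructed toy CA key: textbook RSA built from two public Mersenne primes.
# Insecure by design; for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # CA private exponent (the "Kr" in Ekr)

MAX_AGE = 3600  # assumed validity window in seconds


def _digest(time, ident, pubkey):
    # Length-prefixed encoding so field boundaries cannot be shifted.
    parts = [str(time).encode(), ident.encode(), pubkey]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def issue(time, ident, pubkey):
    """CA side: C = Ekr[Time, ID, Ku], modelled as an RSA op on the digest."""
    return {"time": time, "id": ident, "ku": pubkey,
            "ekr": pow(_digest(time, ident, pubkey), D, N)}


def verify(cert, expected_id, now):
    """Receiver side: needs only the CA public key (N, E), no CA round trip."""
    if pow(cert["ekr"], E, N) != _digest(cert["time"], cert["id"], cert["ku"]):
        return "tampered"        # fields do not match what the CA bound together
    if cert["id"] != expected_id:
        return "wrong subject"   # valid certificate, but for someone else
    if not 0 <= now - cert["time"] <= MAX_AGE:
        return "expired"         # Time field is outside the validity window
    return "ok"


def demo():
    ca = issue(1000, "a", b"KUa-bytes")      # constructed sample values
    swapped = dict(ca, ku=b"other-key")      # public key replaced in transit
    return [verify(ca, "a", 1500), verify(swapped, "a", 1500),
            verify(ca, "b", 1500), verify(ca, "a", 1000 + MAX_AGE + 1)]


if __name__ == "__main__":
    print(demo())
```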
simple public-key distribution
(exchange public key and ID only)
Ks can be stolen
the public key and ID can also be forged
secret key distribution with confidentiality and authentication
step1. Ekub[N1||ID] (a->b)
step2. Ekua[N1||N2] (a<-b) confirms the peer is b
step3. Ekub[N2] (a->b) confirms the peer is a
step4. Ekub[Ekra[Ks]] (a->b)
A Hybrid Scheme
IBM mainframes:
KDC shares a secret master key
secret session key is encrypted by master key
public key is used to distribute the master key
performance
using PKE for session keys is too slow
public keys are used only to update the master key
Backward compatibility
with an existing KDC scheme
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 220.135.222.145