What would you do?: Assume all Public Key Exchange models in use failed overnight.

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

Well, if the model is broken, then the fundamental basis for the algorithms that implement the model are broken.

As for how broken the model would be, that is a matter of judgment. How broken would something have to be, in order to considered a "catastrophe" ?

(Topic of catastrophic failure in a model would not likely be something that could be repaired quickly or easily.)

catastrophe defined:
1. A sudden and widespread disaster: the catastrophe of war.
[chop]
1. A great, often sudden calamity.
2. A complete failure
[chop]

calamity defined:
1. An event that brings terrible loss, lasting distress, or severe affliction

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

Just to be clear are you talking about the infrastructure failing? Physical, or the model. If, the model, how is it broken. To say just broke isn't very clear. The people I support tell me their computer broke, it's how and what failed that is the real statement; what are the symptoms doctor cotman. I think you are saying that the keys aren't being recognized, so no exchange is happening, correct.

xor

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

The short term would be less of a concern than the long term. If we all started using telnet, ftp, pop, http ...etc for the short term it would take time for m-hackers to adjust as well.

The long term is the real problem, first we would have to come with new crypto algorithms, standards and implementations; which take time understanding their dynamics, proving them out and testing.

There are many good already on the shelf algorithms, standards, that have already been rigorously tested. Switching to their adoption would be time consuming but faster that trying to do it from the ground up.

In fact the best case interim solution would be to move to one of those spec's since most firewalls support many.

xor

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

I'm old enough to remember when credit cards not only had no magnetic strip, but the numbers on the cards were TYPED on it, not raised. Yes the world got along fine with couriers, registered mail, pencil and paper. More F2F meets and having to fly to another continent just to utter 5 words. Yup that was my world growing up.

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

What about changes to firewall rules, or other restrictions to bandage system by denial of access?

Would you change the way you do things in life? Would you build new keys and share them privately? Pre shared secrets with people you know?

Would you assume ATM and CC transactions were safe from this? Would you stop using ATM or credit cards so much? How would you get your money? Only visit your own bank ATM?

Would you plan for looting in the streets? Prepare for possible violence?

Re: What would you do?: Assume all Public Key Exchange models in use failed overnight

If RSA and DSS were broken there would be more problems in the world than just how to pick up mail, but..

IPSec for my VPNs would be fine, they use pre-shared secrets for phase 1 instead of IKE I believe...

SSH would be tricky, and passwords instead of certificates would only help half way.. might have to switch to IPSec tunnels.

Picking up email would suck too, no more pop tls or https to web forums. APOP, while unencrypted, would be the only fall back.. oh oh, I know! kpop.

Hmm.. must ponder.