dual-use digital signature vulnerabilityastiglic at okiok.com
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jul 26 19:40:25 EDT 2004
Anne & Lynn Wheeler <lynn at garlic.com> write:
>the assertion here is possible threat model confusion when the same exact
>technology is used for two significantly different business purposes.
I don't think there's any confusion about the threat model, which is "Users
find it too difficult to generate keys/obtain certs, so if the CA doesn't do
it for them the users will complain, or not become users at all". Having the
CA generate the key addresses this threat model.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list