Welome to the Internet, here's your private key
Carl Ellison
cme at acm.org
Wed Feb 6 00:19:53 EST 2002
At 02:45 PM 2/4/2002 +0100, Jaap-Henk Hoepman wrote:
>
>It's worse: it's even accepted practice among certain security
>specialists. One of them involved in the development of a CA service
>once told me that they intended the CA to generate the key pair.
>After regaining consciousness I asked him why he thought violating
>one of the main principles of public key cryptography was a good
>idea. His answer basically ran as follows: if the CA is going to be
>liable, they want to be sure the key is strong and not
>compromised. He said that the PC platform of an ordinary user simply
>wasn't secure/trusted enough to generate keys on. The system might
>not generate `good enough' randomness, or might have been
>compromised by a trojan.
That's such wonderful logic. For people like that, I offer
http://world.std.com/~cme/html/padlock.html
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list