dual-use digital signature vulnerabilityastiglic at okiok.com

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jul 26 19:40:25 EDT 2004


Anne & Lynn Wheeler <lynn at garlic.com> write:

>the assertion here is possible threat model confusion when the same exact
>technology is used for two significantly different business purposes.

I don't think there's any confusion about the threat model, which is "Users
find it too difficult to generate keys/obtain certs, so if the CA doesn't do
it for them the users will complain, or not become users at all".  Having the
CA generate the key addresses this threat model.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list