dual-use digital signature vulnerability
Sean Smith
sws at cs.dartmouth.edu
Mon Jul 26 20:07:22 EDT 2004
For what it's worth, last week, I had the chance to eat dinner with
Carlisle Adams (author of the PoP RFC), and he commented that he didn't
know of any CA that did PoP any other way than have the client sign
part of a CRM.
Clearly, this seems to contradict Peter's experience.
I'd REALLY love to see some real numbers here---how many CAs (over how
many users) do PoP a sane way; how many do it a silly way; what
applications people use their keys for, etc.
--Sean
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list