dual-use digital signature vulnerability

[Sean Smith]

For what it's worth, last week, I had the chance to eat dinner with 
Carlisle Adams (author of the PoP RFC), and he commented that he didn't 
know of any CA that did PoP any other way than have the client sign 
part of a CRM.

Clearly, this seems to contradict Peter's experience.

I'd REALLY love to see some real numbers here---how many CAs (over how 
many users) do PoP a sane way; how many do it a silly way;  what 
applications people use their keys for, etc.

--Sean

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com