should you trust CAs? (Re: dual-use digital signature vulnerability)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Jul 31 02:19:29 EDT 2004
Aram Perez <aramperez at mac.com> writes:
>I agree with Michael H. If you trust the CA to issue a cert, it's not that
>much more to trust them with generating the key pair.
Trusting them to safely communicate the key pair to you once they've generated
it is left as an exercise for the reader :-).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list