[15836] in cryptography@c2.net mail archive
Re: dual-use digital signature vulnerabilityastiglic@okiok.com
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Jul 28 13:31:25 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: lynn@garlic.com, pgut001@cs.auckland.ac.nz
Cc: astiglic@okiok.com, cryptography@metzdowd.com,
sws@cs.dartmouth.edu
In-Reply-To: <6.1.2.0.2.20040725133222.0387de40@mail.comcast.net>
Date: Tue, 27 Jul 2004 11:40:25 +1200
Anne & Lynn Wheeler <lynn@garlic.com> write:
>the assertion here is possible threat model confusion when the same exact
>technology is used for two significantly different business purposes.
I don't think there's any confusion about the threat model, which is "Users
find it too difficult to generate keys/obtain certs, so if the CA doesn't do
it for them the users will complain, or not become users at all". Having the
CA generate the key addresses this threat model.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
