[15838] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: dual-use digital signature vulnerability

daemon@ATHENA.MIT.EDU (Sean Smith)
Wed Jul 28 13:33:54 2004

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <E1BpFHl-0007zf-RY@medusa01>
From: Sean Smith <sws@cs.dartmouth.edu>
Date: Mon, 26 Jul 2004 20:07:22 -0400
To: cryptography@metzdowd.com

For what it's worth, last week, I had the chance to eat dinner with 
Carlisle Adams (author of the PoP RFC), and he commented that he didn't 
know of any CA that did PoP any other way than have the client sign 
part of a CRM.

Clearly, this seems to contradict Peter's experience.

I'd REALLY love to see some real numbers here---how many CAs (over how 
many users) do PoP a sane way; how many do it a silly way;  what 
applications people use their keys for, etc.

--Sean

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15838] in cryptography@c2.net mail archive

Re: dual-use digital signature vulnerability

daemon@ATHENA.MIT.EDU (Sean Smith)Wed Jul 28 13:33:54 2004

daemon@ATHENA.MIT.EDU (Sean Smith)
Wed Jul 28 13:33:54 2004