[15860] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: should you trust CAs? (Re: dual-use digital signature vulnerability)

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sun Aug 1 15:52:40 2004

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: adam@cypherspace.org, aramperez@mac.com,
	Michael_Heyman@mcafee.com
Cc: cryptography@metzdowd.com
In-Reply-To: <BD2DD261.F3B3%aramperez@mac.com>
Date: Sat, 31 Jul 2004 18:19:29 +1200

Aram Perez <aramperez@mac.com> writes:

>I agree with Michael H. If you trust the CA to issue a cert, it's not that
>much more to trust them with generating the key pair.

Trusting them to safely communicate the key pair to you once they've generated
it is left as an exercise for the reader :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15860] in cryptography@c2.net mail archive

Re: should you trust CAs? (Re: dual-use digital signature vulnerability)

daemon@ATHENA.MIT.EDU (Peter Gutmann)Sun Aug 1 15:52:40 2004

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sun Aug 1 15:52:40 2004