
A Photuris variant

Ref:  Your note of Sun, 5 Mar 95 12:03:19 GMT (attached)


A clarification: I use the term "off-line signatures", to refer to Photuris
signatures that are pre-computed (independent of a key exchange with
a particular party).  Is it clear now?


* you confuse the possible use of expiration time in the signature of g^x with
expiration time for public-keys (two completely unrelated things)

* you talk about the advantage of (plain) Photuris supporting different PK
databases (and no waiting for X.509) when there is no difference in that
sense with the variant I propose.

* I do not understand the meaning of:
 > Weakening.  A predictable future vulnerability may not be "hidden" from
 > security analysts, but it _is_ hidden from users.

* The danger of stealing (temporary) keys is not a theoretical threat. It is
  an actual practical one.

* You still don't get the issue of anonymity and the way I solve it. Read my
  notes again. In particular:

 > Yes, it is clear that you do not use the term "positively identify" in
 > the same fashion as the rest of us.


* Pre-computation is NOT a requirement. The practical requirement is to
  accommodate ALSO solutions that tune the security (in a well-defined and
  understood way) for improved performance. You can achieve that via
  pre-computation or other ways as well.

* Finally,
 > My question boils down to "why would anyone go to the trouble".  If you
 > say that nobody who knows what they are doing will use it, then why
 > define it?

 I was NOT saying that nobody will do it. I gave several examples where it is
 reasonable to do it. And people (in general) are reasonable.