[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A Photuris variant
Ref: Your note of Sun, 5 Mar 95 12:03:19 GMT (attached)
Bill,
A clarification: I use the term "off-line signatures", to refer to Photuris
signatures that are pre-computed (independent of a key exchange with
a particular party). Is it clear now?
Besides
* you confuse the possible use of expiration time in the signature of g^x with
expiration time for public-keys (two completely unrelated things)
* you talk about the advantage of (plain) Photuris supporting different PK
databases (and no waiting for X.509) when there is no difference in that
sense with the variant I propose.
* I do not understand the meaning of:
> Weakening. A predictable future vulnerability may not be "hidden" from
> security analysts, but it _is_ hidden from users.
* The danger of stealing (temporary) keys is not a theoretical threat. It is
an actual practical one.
* You still don't get the issue of anonymity and the way I solve it. Read my
notes again. In particular:
> Yes, it is clear that you do not use the term "positively identify" in
> the same fashion as the rest of us.
????????????
* Pre-computation is NOT a requirement. The practical requirement is to
accomodate ALSO solutions that tune the security (in a well-defined and
understood way) for improved performance. You can achieve that via
pre-computation or other ways as well.
* Finally,
> My question boils down to "why would anyone go to the trouble". If you
> say that nobody who knows what they are doing will use it, then why
> define it?
I was NOT saying that nobody will do it. I gave several examples where it is
reasonable to do it. And people (in general) are reasonable.
Hugo