Signing only your own public component
It seems to me that there are some serious drawbacks to an authenticated
key exchange in which you sign only your own public component and not the
one you receive.
If an intruder can get your signature on a public component
for which he knows the secret component, he can impersonate
you. This means you have to audit the implications of each
use of signature to be sure you don't create a path to this
end.
It has the same unaesthetic quality as DSS in creating a secret
whose intended use is ephemeral, but whose compromise has long
term consequences. If, for whatever reason, the secret
component is compromised, the recipient acquires the power to
impersonate. There is an architecture with many attractive
features that this would make hazardous --- doing the
Diffie-Hellman part in a workstation and only having the
signature done by a smart card.
Whit
----- End Included Message -----
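The two impersonation paths described in the message above, played out in code. This is an added example, not code from the original post or from any protocol it refers to: it assumes a toy group (a 63-bit safe prime found at import time, far too small for real use), Schnorr signatures over SHA-256 as the signature scheme, hypothetical parties Alice, Bob, Carol and Mallory, and a one-directional exchange in which only Alice signs. The `send`/`receive` pair implements "sign only your own component" by default; passing the peer's component binds the signature to the peer's fresh value, which is the contrast the example draws.

```python
"""Added example: why signing only your own DH public component is hazardous.
Toy parameters (63-bit safe prime, Schnorr over SHA-256); illustration only."""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic below 3.3e24

def is_prime(n):
    """Miller-Rabin with fixed bases; exact for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Smallest safe prime p = 2q + 1 with q prime and q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = find_safe_prime(1 << 62)  # toy modulus (assumption: ~63 bits, found in milliseconds)
G = 4                            # a square mod P, so it generates the order-Q subgroup

def h(*parts):
    """Hash arbitrary message parts to an exponent mod Q."""
    data = b"|".join(repr(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def sign(x, msg):
    """Schnorr: (r, s) with r = g^k and s = k - x*H(r, msg); y = g^x verifies."""
    k = rand_exp()
    r = pow(G, k, P)
    return r, (k - x * h(r, msg)) % Q

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) * pow(y, h(r, msg), P) % P == r

def send(sk, eph, peer_pub=None):
    """Send g^eph with a signature; peer_pub=None signs only your own component."""
    pub = pow(G, eph, P)
    return pub, sign(sk, (pub, peer_pub))

def receive(peer_pk, msg, my_eph, bound=False):
    """Verify and derive the key; bound=True requires the signature to cover g^my_eph."""
    pub, sig = msg
    expect = pow(G, my_eph, P) if bound else None
    if not verify(peer_pk, (pub, expect), sig):
        return None
    return pow(pub, my_eph, P)  # key the receiver believes it shares with the signer

def demonstrate():
    a_sk = rand_exp()            # Alice's long-term signing key
    a_pk = pow(G, a_sk, P)
    out = {}
    # Path 1: Mallory has Alice's signature on g^m and knows m (a mis-issued signature).
    m = rand_exp()
    mis_signed = send(a_sk, m)
    b = rand_exp()               # Bob's fresh ephemeral
    out["own_only_known_secret_impersonates"] = receive(a_pk, mis_signed, b) == pow(pow(G, b, P), m, P)
    # Path 2: Alice's ephemeral a leaks after an honest run; her signed component
    # carries nothing about the peer, so whoever holds it and a replays it to Carol.
    a = rand_exp()
    old_msg = send(a_sk, a)
    c = rand_exp()               # Carol's fresh ephemeral
    out["own_only_ephemeral_leak_impersonates"] = receive(a_pk, old_msg, c) == pow(pow(G, c, P), a, P)
    # Binding the peer's component: Bob sends g^b first, Alice signs (g^a, g^b).
    # The honest run agrees, but the same message is rejected by Carol even with a known.
    a2 = rand_exp()
    reply = send(a_sk, a2, pow(G, b, P))
    out["both_honest_run_agrees"] = receive(a_pk, reply, b, bound=True) == pow(pow(G, b, P), a2, P)
    out["both_old_signature_rejected"] = receive(a_pk, reply, c, bound=True) is None
    return out

if __name__ == "__main__":
    for name, ok in demonstrate().items():
        print(name, ok)
```

Binding the signature to the peer's fresh component stops a previously obtained signature, whether mis-issued or recovered from an old run, from being reused against a new peer; it does not help if the attacker can drive Alice's signing oracle live during the target session, which is the "audit each use of signature" point in the message. A full protocol would sign in both directions and usually fold both components into the key derivation as well.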