[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Signing only your own public component

    It seems to me that there are some serious drawbacks to an authenticated
key exchange in which you sign only your own public component and not the
one you receive.

	If an intruder can get your signature on a public component
	for which he knows the secret component, he can impersonate
	you.  This means you have to audit the implications of each
	use of signature to be sure you don't create a path to this

	It has the same unaesthetic quality as DSS in creating a secret
	whose intended use is ephemeral, but whose compromise has long
	term consequences.  If for whatever reason, the secret
	component is compromised, the recipient acquires the power to
	impersonate.  There is an architecture with many attractive
	features that this would make hazardous --- doing the
	Diffie-Hellman part in a workstation and only having the
	signature done by a smart card.


----- End Included Message -----