[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on client auth
At 09:29 AM 6/20/96 -0400, David P. Kemp wrote:
>
>Date: Wed, 19 Jun 1996 18:10:24 -0500 (CDT)
>From: "Brian M. Thomas" <bt0008@entropy.sbc.com>
>
>>> (3) verification of the uniqueness of keying material shall be guaranteed
>>> during each naming attestation by each and every principal in the domain
>>
>> Perhaps you could explain why this should be so.
>
>
>It would be unfortunate if two totally unrelated users shared, by
>chance, the same keying material. It would be more unfortunate if one
>or the other of them discovered this fact.
This would indeed be unfortunate.
However, it's more than that. It would mean a serious weakness in key
generation procedures and be a huge security flaw for the app involved.
If key generation were guaranteed to have enough real entropy for the key
size, I don't worry about the 2^{-1024} or less chance of duplicate key
generation (worse for elliptic curves because keys are smaller, but still
infinitessimal).
Are you suggesting that a single entity generate all keys so that if there's
a weakness it can let out only unique keys and no one becomes aware of the
weakness?
...that a single entity register all public keys, so that it can say "oops,
try that one again -- and we're not telling you why"?
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+