[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on client auth



At 09:29 AM 6/20/96 -0400, David P. Kemp wrote:
>
>Date: Wed, 19 Jun 1996 18:10:24 -0500 (CDT)
>From: "Brian M. Thomas" <bt0008@entropy.sbc.com>
>
>>> (3) verification of the uniqueness of keying material shall be guaranteed
>>> during each naming attestation by each and every principal in the domain
>>
>> Perhaps you could explain why this should be so.
>
>
>It would be unfortunate if two totally unrelated users shared, by
>chance, the same keying material.  It would be more unfortunate if one
>or the other of them discovered this fact.


This would indeed be unfortunate.

However, it's more than that.  It would mean a serious weakness in key
generation procedures and be a huge security flaw for the app involved.

If key generation were guaranteed to have enough real entropy for the key
size, I don't worry about the 2^{-1024} or less chance of duplicate key
generation (worse for elliptic curves because keys are smaller, but still
infinitessimal).

Are you suggesting that a single entity generate all keys so that if there's
a weakness it can let out only unique keys and no one becomes aware of the
weakness?

...that a single entity register all public keys, so that it can say "oops,
try that one again -- and we're not telling you why"?

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+