[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Multiple signature schemes
-----BEGIN PGP SIGNED MESSAGE-----
In message <199609031624.LAA25071@entropy.sbc.com>, "Brian M. Thomas" writes:
>> That is all well and good from a theoretical standpoint, but operationally i
>> would be very expensive, at least in the case of certificates which
>> would have to be validated very often, because of all of the additional
>> signatures that must be checked. That would be the primary advantage
>> of something like the Frankel-DeSmedt algorithm.
AutoCerts would solve that part i think.
Take note that if we don't use some enforcing multi-signature
algorithm (in which no partial signature verifies), the "K out of N"
thing automatically becomes voluntary, in the sense that
people/implementations could just go ahead and check only one
signature and ignore the K/N indication. We might not particularly
care about those cases, but we should definitely express our policy.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----