[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple signature schemes

To: "Brian M. Thomas" <bt0008@entropy.sbc.com>
Subject: Re: Multiple signature schemes
From: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Date: Tue, 03 Sep 1996 15:02:07 EDT
Cc: bjueneman@novell.com, angelos@gradine.cis.upenn.edu, spki@c2.org
In-Reply-To: Your message of "Tue, 03 Sep 1996 11:24:13 CDT." <199609031624.LAA25071@entropy.sbc.com>
Posted-Date: Tue, 3 Sep 1996 15:02:07 -0400 (EDT)
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----


In message <199609031624.LAA25071@entropy.sbc.com>, "Brian M. Thomas" writes:
>> That is all well and good from a theoretical standpoint, but operationally i
>t
>> would be very expensive, at least in the case of certificates which
>> would have to be validated very often, because of all of the additional
>> signatures that must be checked. That would be the primary advantage
>> of something like the Frankel-DeSmedt algorithm.
>> 

AutoCerts would solve that part i think.

Take note that if we don't use some enforcing multi-signature
algorithm (in which no partial signature verifies), the "K out of N"
thing automatically becomes voluntary, in the sense that
people/implementations could just go ahead and check only one
signature and ignore the K/N indication. We might not particularly
care about those cases, but we should definitely express our policy.
- -Angelos
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMiyAor0pBjh2h1kFAQHkRgP8D2SmyLNePu+IE1idJImGHIrgi8Dj3zCO
xiX4nWNNO2xWwr3l3a9Gt9cZ+umccw+7eww2oQN5FansK/48MoM8Bn+AM9y5sSdJ
8p1guqUlHM+AdiNNN3Ij+Qd8V2GlCyKG6xBsqViJ52mtqUQRoRtlEygXQaoglMzb
yssFgfSSzNE=
=vzhi
-----END PGP SIGNATURE-----

Prev by Date: Re: Thoughts on the draft
Next by Date: Re: Thoughts on the draft
Prev by thread: RE: spec for wire format of SPKI cert -Reply
Next by thread: RPK Public Key Encryption System
Index(es):
- Main
- Thread