
Re: threshold subjects

> The more I look at real examples, the more valuable Tatu's threshold subject 
> appears.  I know this was considered a complication of the current draft and 
> therefore something to eliminate, but AFAIK, this is the cleanest (only?) 
> way to permit the on-line replacement of a root key which has been 
> compromised.

The more general problem is that all keys have to be replaced eventually.
Do threshold subjects provide a route for replacing *all* keys (one at a
time is ok) -- i.e., replacing all n keys in a k-of-n subject?  The line
of thinking that bothers me is that to do this, one eventually has to
use some of the n keys to sign a certificate establishing a new key --
on the assumption that all n of the keys eventually go stale, assume the
adversary gets them and can then do his/her own key replacement.  This
is a problem for a verifier that hasn't been paying close attention --
it may accept the adversary's key replacement.

David L. Black            THE OPEN GROUP     Voice: +1 (617) 621-7347
The Open Group                                 Fax: +1 (617) 621-8696
Eleven Cambridge Center      RESEARCH       E-Mail: d.black@opengroup.org
Cambridge, MA  02142        INSTITUTE         http://www.opengroup.org/~dlb/
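
An added example, not part of the original message or of any draft under discussion: a minimal model of the rollover concern raised above, where every key of a k-of-n subject is replaced one at a time and the retired keys later leak. Signatures are modelled as sets of key names (no cryptography is performed), and the class names, key names and the 2-of-3 parameters are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rollover:
    retire: str          # key leaving the subject
    add: str             # key joining the subject
    signers: frozenset   # keys that signed (stands in for real signatures)

class Verifier:
    """Tracks the key set of one k-of-n subject as it sees rollover certificates."""
    def __init__(self, k, keys):
        self.k, self.keys = k, set(keys)

    def apply(self, cert):
        # Accept only if k keys this verifier currently trusts signed the change.
        ok = (cert.retire in self.keys and cert.add not in self.keys
              and len(cert.signers & self.keys) >= self.k)
        if ok:
            self.keys = (self.keys - {cert.retire}) | {cert.add}
        return ok

    def replay(self, chain):
        return [self.apply(c) for c in chain]

INITIAL = {"A1", "B1", "C1"}   # constructed 2-of-3 subject
# Owner replaces every key, one at a time, always signing with 2 current keys.
OWNER_CHAIN = [
    Rollover("A1", "A2", frozenset({"B1", "C1"})),
    Rollover("B1", "B2", frozenset({"A2", "C1"})),
    Rollover("C1", "C2", frozenset({"A2", "B2"})),
]
# Later the retired keys A1, B1, C1 leak; a rival chain is built from them.
ADVERSARY_CHAIN = [
    Rollover("A1", "X", frozenset({"B1", "C1"})),
    Rollover("B1", "Y", frozenset({"X", "C1"})),
    Rollover("C1", "Z", frozenset({"X", "Y"})),
]

def run(first, second):
    """Feed two chains, in order, to a verifier that starts at the initial key set."""
    v = Verifier(2, INITIAL)
    return v.replay(first), v.replay(second), v.keys

if __name__ == "__main__":
    print("attentive:", run(OWNER_CHAIN, ADVERSARY_CHAIN))
    print("stale:    ", run(ADVERSARY_CHAIN, OWNER_CHAIN))
```

The acceptance rule is identical in both runs; only the order in which the verifier sees the chains differs, so a verifier still holding the initial key set cannot tell the two chains apart from the signatures alone.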
