Re: threshold subjects
> The more I look at real examples, the more valuable Tatu's threshold subject
> appears. I know this was considered a complication of the current draft and
> therefore something to eliminate, but AFAIK, this is the cleanest (only?)
> way to permit the on-line replacement of a root key which has been
> compromised.
The more general problem is that all keys have to be replaced eventually.
Do threshold subjects provide a route for replacing *all* keys (one at a
time is ok) -- i.e., replacing all n keys in a k-of-n subject? The line
of thinking that bothers me is that to do this, one eventually has to
use some of the n keys to sign a certificate establishing a new key --
on the assumption that all n of the keys eventually go stale, assume the
adversary gets them and can then do his/her own key replacement. This
is a problem for a verifier that hasn't been paying close attention --
it may accept the adversary's key replacement.
--David
============================================================================
David L. Black THE OPEN GROUP Voice: +1 (617) 621-7347
The Open Group Fax: +1 (617) 621-8696
Eleven Cambridge Center RESEARCH E-Mail: d.black@opengroup.org
Cambridge, MA 02142 INSTITUTE http://www.opengroup.org/~dlb/
============================================================================
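
Added example, not part of the original message: a small Python model of the concern raised above, in which a verifier that missed the one-at-a-time key replacements of a 2-of-3 subject accepts a replacement signed with retired keys, while a verifier that followed every replacement rejects it. The names Replacement, Verifier and demo, and the key labels A, B, C, are assumptions made for the illustration; signatures are modelled as sets of key names rather than real cryptography.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Replacement:
    """Certificate saying 'replace key `old` with key `new`'."""
    old: str
    new: str
    signers: frozenset  # key names standing in for verified signatures


class Verifier:
    """Tracks the key set of one k-of-n threshold subject."""

    def __init__(self, keys, k):
        self.keys = set(keys)
        self.k = k

    def apply(self, cert):
        """Accept only if at least k currently trusted keys signed the cert."""
        trusted_signers = cert.signers & self.keys
        if cert.old not in self.keys or len(trusted_signers) < self.k:
            return False
        self.keys.remove(cert.old)
        self.keys.add(cert.new)
        return True


def demo():
    # Constructed sample data: a 2-of-3 subject rolls every key, one at a time.
    legit = [
        Replacement("A", "A2", frozenset({"B", "C"})),
        Replacement("B", "B2", frozenset({"A2", "C"})),
        Replacement("C", "C2", frozenset({"A2", "B2"})),
    ]
    attentive = Verifier({"A", "B", "C"}, k=2)
    lagging = Verifier({"A", "B", "C"}, k=2)  # never sees the legit chain
    for cert in legit:
        assert attentive.apply(cert)

    # Retired keys A and B later leak; the adversary signs its own replacement.
    forged = Replacement("C", "X", frozenset({"A", "B"}))
    return attentive.apply(forged), lagging.apply(forged), sorted(lagging.keys)


if __name__ == "__main__":
    print(demo())
```

The model has no expiry or revocation check on the signing keys, which is why the lagging verifier has nothing to tell the retired keys apart from current ones.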