[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: three digital signature models ... for x9.59
-----BEGIN PGP SIGNED MESSAGE-----
Lynn,
thanks for the post. In SPKI terms, model 2 boils down to sending an
online-test request line instead of a certificate, since the online test
result could be thought of as a very short lived certificate.
Alternatively, one could send a short lived certificate or a pointer to one,
depending on whether you want the prover or the verifier to do the work of
fetching the short lived cert. I can't really tell the difference between
2 and 3. I guess I share Phill's POV that these three models are all
the same, with slight variation of parameters.
The really different model, IMHO, would be that of the credit card example
where the issuer and verifier are the same entity, so that the certificate
can be replaced by an ACL.
Re: denial of service: it's not perfect, but if the protocol requires the
requester to sign a random challenge and RSA is used, then the RSA imbalance
between signing and verifying gives the hacker a disadvantage.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNISSChN3Wx8QwqUtAQGcKwP+OGjfFzJAKkGj+pJKttkvc7aQ6PKu9nTm
3eHTWBsnCSN6PFlxhbIkjlH4N7Nu0mQDyjuFqJELgO2ePiQRPn2wbLG2FVFFCBW9
8dnQWzfergv63h2cbyxoH7qk2qxJw6cisYf60MPTBvOejG3EBmCWcqk9xs6MDlQp
qAOqoNGG+MM=
=eCPw
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: