[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SPKI



Regarding the April '97 edition of the proposed "Simple Public Key
Certificate":

in "3.2.1 Protection of Private Keys" you speak of some things that can go
wrong in the protection of private keys. Perhaps some of the following
should be mentioned as well, perhaps by reference.

Case 1: the private key is in a tamperproof unit:
  If that unit is connected to an ordinary computer then a virus in that
computer can abuse its access to the unit and cause signatures or
decryptions unknown to the KEYHOLDER.

Case 2: Key held in an ordinary computer protected by high entropy passphrase:
  A virus can infect the software that processes the passphrase or
alternatively insinuate itself so as to captuire the keystrokes.

Under the <hr> of <http://www.mediacity.com/~norm/Money.html> there is a
list of several papers warning of possible tampering with tamper resistent
hardware.

Norman Hardy  <http://www.mediacity.com/~norm>



Follow-Ups: