- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 27 Nov 2002 18:59:32 -0800
- To: www-xkms@w3.org
Received on Wednesday, 27 November 2002 22:06:41 UTC
Just been thinking / editing the spec. Thought occurred to me do we know that the private key is secure if the passphrase is revealled? Case which bothers me is as follows, pass phrase is sent via email. I think we need to have a bit of glue here to make sure that the private key is not compromised. Could be a requirement to communicate the private key in a super encrypted channel, could involve an ephemeral D-H (complex or what)? Phill
Received on Wednesday, 27 November 2002 22:06:41 UTC