W3C home > Mailing lists > Public > www-xkms@w3.org > November 2002

Protecting the private key

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 27 Nov 2002 18:59:32 -0800
Message-ID: <CE541259607DE94CA2A23816FB49F4A34D6008@vhqpostal6.verisign.com>
To: www-xkms@w3.org
Just been thinking / editing the spec.

Thought occurred to me do we know that the private key is secure if the
passphrase is revealled?

Case which bothers me is as follows, pass phrase is sent via email. I
think we need to have a bit of glue here to make sure that the private
key is not compromised. Could be a requirement to communicate the
private key in a super encrypted channel, could involve an ephemeral D-H
(complex or what)?

	Phill

Received on Wednesday, 27 November 2002 22:06:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:18 GMT