- From: Aaron Swartz <aswartz@swartzfam.com>
- Date: Mon, 30 Apr 2001 18:19:39 -0500
- To: Tim Kindberg <timothy@hpl.hp.com>, "Sean B. Palmer" <sean@mysterylights.com>, Sandro Hawke <sandro@w3.org>
- CC: <uri@w3.org>

Tim Kindberg <timothy@hpl.hp.com> wrote:

> Your protocol describes
> that encryption as being optional. It's not: otherwise, an attacker could
> seize the value, sign it with their key, and thus later be able to 'prove'
> it went to them.

Actually this isn't true. Assuming that the encryption was simple SSL/HTTP the difference in security isn't very great. Anyone attacking the machine itself would have the decrypted key either way. Any attacker snooping on the packets as they went through could easily execute a man-in-the-middle attack. Knowing how few users check the certificates carefully and look at security details, I'm sure it would go by rather unnoticed for most.

> So you demonstrate assignment by possession of a key, I prove it by
> possession of the value. My approach has the advantage that it isn't broken
> if Alice's key is compromised. Your approach has the possible advantage

Actually, if Alice's key is compromised, and you know the date of the compromise, then you can still trust documents before that date.

> that Alice can directly prove 'she's the one' to principals other than the
> trusted third party. Can you think of any other advantages/disadvantages,
> either way?

I think you get some benefit from Alice's public key being spread far and wide, but I'm not sure what it is!

--
[ Aaron Swartz | me@aaronsw.com | http://www.aaronsw.com ]

Received on Monday, 30 April 2001 19:22:39 UTC