- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 3 Feb 2003 09:19:23 -0800
- To: stephen.farrell@baltimore.ie, "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: www-xkms@w3.org
Received on Monday, 3 February 2003 12:19:30 UTC
> I'm not so sure its a major problem, perhaps more of a > feature:-) Don't > you have an implicit public key certificate once the same response is > sent out twice? You have an implicit public key certificate with probably a very short lifespan like 1 day. This is not an abstract problem comming from a hypothetical problem. The same issue comes up with DNSSEC. I have done some calculations and I recon that for the same price as the faux-PKI proposed by the DNS-SEC group it would be possible to support an XKMS service. So I have to be able to scale to ten billion or so transactions a day. I need the option of static data to reliably serve over 10 million or so requests. > Anyway, what'd prevent the application of two signatures, one covering > the static data, the other (which can use an on-line, lower quality > signing key) including the replay protection stuff? I still end up having to sign the RequestID. Phill
Received on Monday, 3 February 2003 12:19:30 UTC