On Thu, Aug 13, 2015 at 3:17 PM, Tony Arcieri <[email protected]> wrote:

> On Thu, Aug 13, 2015 at 8:41 AM, Simon Josefsson <[email protected]>
> wrote:
>
>> This is not a good discriminator of the CFRG options -- this problem is
>> a weakness in this protocol, and should be addressed here.
>
>
> I'd agree, this is a conceptual misuse of digital signatures. While
> creating a signature algorithm resistant to this is a "neat trick" much
> like nonce reuse resistant AEAD schemes, you shouldn't design protocols
> that rely on that resistance in either case.
>

Old style crypto was to choose between a belt and braces.

New style is to take the belt and the braces and sew the pants to the
bottom of the shirt.

People need to change their attitudes. We are designing building blocks
that are going to be used by pinheads as well as geniuses. And on occasion
the genius is going to build something on a bad day. The harder it is to
screw up, the better.
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
