Marsh Ray writes:

> Why would they need to?
>
> What's the difference between a private key in the wild and a pwned
> CA that, even months after a breakin and audit, doesn't revoke or
> even know what it signed?
>
> (This is a serious question)

The pwned CA leaves evidence that other people can potentially discover
or collect. It also means that an individual user who knows what
public-key cryptography is can potentially do something to determine
whether an alleged key is valid.

-- 
Seth David Schoen <[email protected]>       | No haiku patents
http://www.loyalty.org/~schoen/            | means I've no incentive to
FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150   |        -- Don Marti
