On Sep 23, 2011, at 11:17 AM, Ben Laurie wrote:
> On Thu, Sep 22, 2011 at 4:46 PM, Peter Gutmann
> <[email protected]> wrote:
>> Ben Laurie <[email protected]> writes:
>>
>>> Well, don't tease. How?
>>
>> The link I've posted before (but didn't want to keep spamming to the list):
>>
>> http://www.cs.auckland.ac.nz/~pgut001/pubs/pki_risk.pdf
>
> That was a fun read and I mostly agree, but it raises some questions...
>
> a) Key continuity is nice, but ... are you swapping one set of
> problems for another? What happens when I lose my key? How do I roll
> my key? I just added a second server with a different key, and now a
> bunch of users have the "wrong" key - what do I do? How do I deal with
> a compromised key?

Great rhetorical questions, Ben. You nail it.

Continuity is great, but it has its own set of problems that include all the
ones you mention. Rolling keys is the easiest one of them and can be solved
pretty much the same way. But all the others are problems that continuity
introduces. I brought up these issues in my long rant. Continuity can solve
some, but not all of the problems.

Jon