Marshall Clow <[email protected]> writes: >This is only true if signing the malware is an expensive (in some terms) >proposition. It's certainly not expensive in terms of computing power.
The rate-limiting factor is how many certs you can steal, and how quickly. The technology side doesn't even come into it. So this is a valid measure, and will continue to be so, because you can't speed up the cert-stealing process. It's the same with monetary fraud, the rate-limiting step there is how fast you can cash out the accounts. Sure, your botnet has collected 50M accounts and associated authorisation information, but how fast can you cash them out? Velocity limiting via computationally intractable means is one security measure that is universally effective and hard to bypass. Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
