<<On Mon, 23 Oct 2017 20:00:53 -0400, Eric McCorkle <[email protected]> said:
> However, there is a definite advantage to having one signature for a > huge number of MACs. Moreover, as I mention in the paper, the most > feasible quantum-safe signature scheme at the present is SPHINCS, which > has signatures about 40Kib in size. That's pretty terrible if you're > signing each executable, but if you're signing 20-30k MACs at 16-32 > bytes per code plus a path, suddenly a 40Kib signature doesn't look so > bad anymore. It would be pretty great to roll out a trust > infrastructure AND viable quantum-safe signatures. > I could also see a combined scheme, say, where ELF files carry a UUID > which indexes into a MAC manifest. Since packages are already distributed with signatures over the entire package manifest, it would be nice if you could use the package system to feed this. -GAWollman _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
