Julien Pierre wrote:

... as it would cause the application to produce errors in cases the standards state are valid...

When I said that the two models are complementary, I was
assuming that both the software and the user would know whether
the secured interaction is operating under TTP *or* KCM, I was
specifically *not* assuming something like one of the in-vogue
efforts to "strengthen" TTP model by piggy-backing KCM on top
of TTP.

It appears to me that the distinction between the two is so
substantial that no user will have any problem understanding it.
Indeed, if there are problems in the current TTP-only system
- ad there seems to be a general agreement there are - then a
clear understanding of the role and presence of the trusted
third party (now lacking, in the mind of most users) would
improve the security, even in TTP interactions.


mozilla-crypto mailing list

Reply via email to