If I can distribute valid long-term keys, I can use them to sign the certificates for NTS-KE servers and don't need Roughtime to get started.
Kyle’s right. Roughtime increases the amount of work the attacker has to do by saying they must compromise multiple machines. That’s different from a single long-term key.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
