#83: CT should mandate the use of deterministic ECDSA

 RFC:6979 describes how to do deterministic ECDSA.

 certificate transparency logs should be required to use this mechanism,
 for two reasons:

  * using non-deterministic ECDSA with a predictable source of randomness
    means that each signature can potentially leak the secret material of
    the signing key.

  * a log that produces two separate valid STHs with the same timestamp
    and same data but with different signatures should be considered
    dubious (though I don't have a concrete attack I can describe for this
    scenario yet) -- ensuring the use of deterministic ECDSA means that in
    normal operation, regular logs won't produce this behavior.

-- 
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-trans-
  [email protected]     |  [email protected]
     Type:  defect       |      Status:  new
 Priority:  major        |   Milestone:
Component:  rfc6962-bis  |     Version:
 Severity:  -            |    Keywords:
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/83>
trans <http://tools.ietf.org/trans/>
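
Added example, not part of the ticket or of any CT log's code: the nonce derivation of RFC 6979 section 3.2 for P-256 with SHA-256, showing that the per-signature nonce k depends only on the private key and the signed bytes, so re-signing identical STH data yields the identical signature. Function names and the STH byte string are constructed for illustration; the key is the published test key from RFC 6979 appendix A.2.5.

```python
import hashlib
import hmac

# Order q of the NIST P-256 group (public curve parameter).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = Q.bit_length()
RLEN = (QLEN + 7) // 8
# Test private key from RFC 6979 appendix A.2.5 (never a real log key).
RFC_TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

def bits2int(b):
    """Leftmost QLEN bits of b as an integer (RFC 6979 section 2.3.2)."""
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - QLEN
    return v >> excess if excess > 0 else v

def int2octets(x):
    return x.to_bytes(RLEN, "big")

def bits2octets(b):
    return int2octets(bits2int(b) % Q)

def rfc6979_nonce(x, msg, hashfn=hashlib.sha256):
    """Derive k from private key x and message bytes, with no RNG involved."""
    h1 = hashfn(msg).digest()
    mac = lambda key, data: hmac.new(key, data, hashfn).digest()
    V = b"\x01" * len(h1)
    K = b"\x00" * len(h1)
    seed = int2octets(x) + bits2octets(h1)
    K = mac(K, V + b"\x00" + seed)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + seed)
    V = mac(K, V)
    while True:
        T = b""
        while len(T) < RLEN:
            V = mac(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < Q:          # reject out-of-range candidates and retry
            return k
        K = mac(K, V + b"\x00")
        V = mac(K, V)

if __name__ == "__main__":
    sth = b"constructed STH bytes: timestamp=1 tree_size=1 root=00"
    k1, k2 = rfc6979_nonce(RFC_TEST_KEY, sth), rfc6979_nonce(RFC_TEST_KEY, sth)
    print("same STH, same nonce:", k1 == k2)
    print("changed STH, same nonce:", k1 == rfc6979_nonce(RFC_TEST_KEY, sth + b"!"))
```

Because (r, s) is computed from k, the key and the message hash alone, an equal k for equal input means an equal signature.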
