Andrew Ayer <[email protected]> wrote Mon, 8 May 2017 11:11:41 -0700:
> On Thu, 4 May 2017 12:21:14 -1000 > Brian Smith <[email protected]> wrote: > >> Draft 24 of rfc6962-bis says that the log must use RFC 6979 for ECDSA >> signatures. However, the requirement to use RFC 6979 is problematic >> for several reasons, noted below. I think this group should reconsider >> if the fingerprinting threat that motivated the requirement for >> deterministic signatures is significant enough to overcome these >> problems. > > I think preventing fingerprinting is important. I suggest we loosen > the requirement on logs. Logs should still be forbidden from producing > more than one distinct signature for any given STH or SCT, but we > shouldn't specify how logs must satisfy this requirement. +1 _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
