| 1 |
On Thursday 25 March 2004 15:39, Chris Bainbridge wrote: |
| 2 |
> > The use of N |
| 3 |
> > different machines that generate signing keys might be a way to lessen |
| 4 |
> > this risk. |
| 5 |
> |
| 6 |
> The n of m signature check here is a good thing - it requires an attacker |
| 7 |
> to compromise n machines holding intermediate keys. If the client chooses |
| 8 |
> the n randomly then the chance of choosing the permutation that has been |
| 9 |
> attacked is unlikely. |
| 10 |
|
| 11 |
Sorry, I just realised you meant checking the public keys from every signing |
| 12 |
server. An attack would therefore require the compromise of every signing |
| 13 |
server to be able to generate the signatures from them all. |
| 14 |
|
| 15 |
-- |
| 16 |
gentoo-dev@g.o mailing list |
Archives