
RE: multiple digital signatures



Graham,

we are working on the problem of a signature algorithm being compromised
suddenly, without any time to change the algorithm parameters, keys or
key lengths. IMO the CA is responsible for the certificates of the CHs.
If a failure now occurs, the shocked certificates have to be revoked.
The idea is to revoke the certificates not explicitly but implicitly,
through the revocation of the signature algorithms used. The benefit
would be a shorter CRL, and the benefit grows if many CHs are
involved.

I agree that for multiple digital signatures different signature
algorithms have to be used, with independent components such as the hash
algorithm and independent basic mathematical problems. The use of
multiple digital signatures is optional, depending on the specific
application: in authentication applications it makes less sense. But the
signatures in e.g. e-government have to be provable for many years.

Sönke
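
The scheme described in this message, as an added sketch that is not part of the original mail: a relying party checks a short list of revoked algorithm components instead of per-certificate CRL entries, and a doubly signed document survives only if its two algorithms share no component. The algorithm names, the `Cert` and `Signature` records and the sample population are constructed for illustration, and the cryptographic verification of each signature is assumed to happen elsewhere.

```python
from dataclasses import dataclass

# Constructed identifiers: name -> (hash component, public-key component).
ALGS = {
    "sha256WithRSA": ("sha256", "rsa"),
    "sha256WithECDSA": ("sha256", "ecdsa"),
    "sha3-256WithECDSA": ("sha3-256", "ecdsa"),
}

@dataclass(frozen=True)
class Cert:
    serial: int
    sig_alg: str          # algorithm the CA used to sign this certificate

@dataclass(frozen=True)
class Signature:
    cert: Cert            # signer's certificate
    sig_alg: str          # algorithm used for the document signature

def broken_algs(revoked_components):
    """Every algorithm that uses at least one revoked component."""
    return {n for n, parts in ALGS.items() if revoked_components & set(parts)}

def cert_valid(cert, crl_serials, revoked_components):
    """Explicit revocation (serial on the CRL) or implicit (algorithm revoked)."""
    return (cert.serial not in crl_serials
            and cert.sig_alg not in broken_algs(revoked_components))

def surviving_signatures(sigs, crl_serials, revoked_components):
    """Signatures whose own algorithm and whose certificate are both unaffected."""
    bad = broken_algs(revoked_components)
    return [s for s in sigs if s.sig_alg not in bad
            and cert_valid(s.cert, crl_serials, revoked_components)]

def independent(alg_a, alg_b):
    """True if the two algorithms share neither hash nor public-key component."""
    return not set(ALGS[alg_a]) & set(ALGS[alg_b])

def demo():
    # Constructed population: 2000 certificate holders, half under each algorithm.
    certs = [Cert(i, "sha256WithRSA" if i % 2 else "sha3-256WithECDSA")
             for i in range(2000)]
    revoked = {"rsa"}     # one entry in the algorithm revocation list
    # Serials an explicit CRL would have to list for the same event.
    explicit = [c.serial for c in certs if not cert_valid(c, set(), revoked)]
    doc = [Signature(certs[1], "sha256WithRSA"),
           Signature(certs[2], "sha3-256WithECDSA")]
    return len(explicit), len(revoked), len(surviving_signatures(doc, set(), revoked))

if __name__ == "__main__":
    print(demo())
```
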