[10404] in cryptography@c2.net mail archive
Re: Welome to the Internet, here's your private key
daemon@ATHENA.MIT.EDU (Carl Ellison)
Wed Feb 6 11:51:22 2002
Message-Id: <3.0.5.32.20020205211953.01c4d920@localhost>
Date: Tue, 05 Feb 2002 21:19:53 -0800
To: cryptography@wasabisystems.com
From: Carl Ellison <cme@acm.org>
In-Reply-To: <wuxt1htz.fsf@smtp.xs4all.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 02:45 PM 2/4/2002 +0100, Jaap-Henk Hoepman wrote:
>
>It's worse: it's even accepted practice among certain security
>specialists. One of them involved in the development of a CA service
>once told me that they intended the CA to generate the key pair.
>After regaining consciousness I asked him why he thought violating
>one of the main principles of public key cryptography was a good
>idea. His answer basically ran as follows: if the CA is going to be
>liable, they want to be sure the key is strong and not
>compromised. He said that the PC platform of an ordinary user simply
>wasn't secure/trusted enough to generate keys on. The system might
>not generate `good enough' randomness, or might have been
>compromised by a trojan.
That's such wonderful logic. For people like that, I offer
http://world.std.com/~cme/html/padlock.html
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
