1995-11-26 - Re: Cypherpunk Certification Authority

Header Data

From: James Black <black@eng.usf.edu>
To: anonymous-remailer@shell.portal.com
Message Hash: 75fbd2548d1d8a59d9aae75da014d7b37872dda3262ba07cf8d55e9714bafcd1
Message ID: <Pine.SUN.3.91.951126164434.2346A-100000@kinks>
Reply To: <199511260953.BAA10105@jobe.shell.portal.com>
UTC Datetime: 1995-11-26 22:02:32 UTC
Raw Date: Mon, 27 Nov 1995 06:02:32 +0800

Raw message

From: James Black <black@eng.usf.edu>
Date: Mon, 27 Nov 1995 06:02:32 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Cypherpunk Certification Authority
In-Reply-To: <199511260953.BAA10105@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.951126164434.2346A-100000@kinks>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Sun, 26 Nov 1995 anonymous-remailer@shell.portal.com wrote:

> > 	Its an excellent paper, well worth reading, but the basic
> > problem is that X.509 encrypts before signing.
> 
> You'd rather sign before encryption??
> 
> Doesn't that give you "known plain-text" to attack?  i.e. the signature.
> 
> I'm not sure whether it would or wouldn't, but I'm sure some
> cryptographers here might clear that up mighty quick -- before any more
> harm is allowed, I mean. 

  The paper suggested that you have two different keys, one for 
encryption and the other for signatures, and you don't mix the two up, so 
that way you are protecting yourself from someone forging your 
signature, but you are not letting them know what your private key is.
  Make sense?  I would suggest that you read the paper, as it is really 
an excellent document.

==========================================================================
James Black (Comp Sci/Comp Eng sophomore)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
**************************************************************************






Thread