[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cypherpunk Certification Authority


On Sun, 26 Nov 1995 [email protected] wrote:

> > 	Its an excellent paper, well worth reading, but the basic
> > problem is that X.509 encrypts before signing.
> You'd rather sign before encryption??
> Doesn't that give you "known plain-text" to attack?  i.e. the signature.
> I'm not sure whether it would or wouldn't, but I'm sure some
> cryptographers here might clear that up mighty quick -- before any more
> harm is allowed, I mean. 

  The paper suggested that you have two different keys, one for 
encryption and the other for signatures, and you don't mix the two up, so 
that way you are protecting yourself from someone forging your 
signature, but you are not letting them know what your private key is.
  Make sense?  I would suggest that you read the paper, as it is really 
an excellent document.

James Black (Comp Sci/Comp Eng sophomore)
e-mail: [email protected]