Levi Broderick wrote:
Ian G wrote:
Finally, the ID has passed the point of minor tweaks. We've been at
this for a decade now. No more changes please, seal the document and
let's move on. I vote NO to any changes, even without knowing what they
are ;)
Of course!
The reason for my original question was that I was unsure if such a
packet could be used to undermine the security of any protocols in the
system. Now that I think about it, though, I don't see how it could be
done.
Always worth probing, as long as you don't mind the cringing
of those fearful of yet more changes to the Doc :)
It's unlike other attacks that use the software as an oracle
since public key information is - well - public. :)
Just a minor quibble: just because a key is named "public",
it doesn't mean it is public. The key marked as "public" is
to be sent to your counterparty ... and we need to be
careful to not confuse counterparty with "the whole world."
(I say this because I recently saw a discussion where a CA's
criteria for audit specified that the public keys had to be
published in public ... and the CA in question deliberately
does not publish public keys ... because that might breach
privacy rules ... )
iang