[Cryptech Tech] Draft Requirements
Linus Nordberg
linus at nordberg.se
Thu Feb 19 10:38:40 UTC 2015
Jakob Schlyter <jakob at kirei.se> wrote
Wed, 11 Feb 2015 15:33:57 +0100:
| Joachim and I have collected an initial set of requirements at
| https://trac.cryptech.is/wiki/Requirements, please give us feedback.
In order to keep the use cases short and sweet, wouldn't it make sense
to remove the requirement for public key storage and verification for
the Tor use case?
The reasoning is that the goal of the Tor case is to move authority
signing keys off of general purpose computers running directory
authorities. This in order to minimise the risk of an attacker grabbing
a copy for producing consensuses elsewhere. It seems to me that the
argument for verifying signatures in separate hardware is hard to make.
I can make the change on the wiki page unless the list has another
opinion.
More information about the Tech
mailing list