I was catching up on this discussion and it occurred to me that we can generalize the following text a bit further:

Bernard Aboba wrote:
> Here is some revised text:
>
> 5.1. Peer and Authenticator Compromise
>
> Likewise, compromise of a single authenticator MUST NOT compromise
> keying material held by any other authenticator within the system.

Does this mean we are ok with a key management system where compromise of two or more authenticators leads to the compromise of keys held by other authenticators? I think not.

We could reword to say "compromise of one or more authenticators MUST NOT compromise keying material held by the rest of the authenticators within the system" or something like that.

thanks Bernard,
Lakshminath