Hacker News

I'm not a security expert, just an interested amateur.

Can someone explain how this step doesn't invalidate all of the hours of ceremony and procedure?

"Later Okubo will transmit the key on a secure channel to Verisign and this signed key will be made live across the internet."



Signing the key is the important part. Proving that the key was in fact created by the people it was supposed to be. (I think the key does have to be kept secure, which could be done by using a one-time pad. Theoretically unbreakable.)


Right, that part I get. But isn't the security of the resultant key now left entirely to Verisign?


I think that's why the key is only valid for 3 months.


That's a public key/private key issue (I think!): the key he sends to Verisign will be the public key from the ceremony, not the private key.

If I'm mistaken about this, I hope the secure channel is very very very secure!


Indeed! And I'm not even thinking about the communication channel as much as... Verisign. Not picking on them, but it's just a single, US-based organization.



