A. Michael Froomkin writes:
I know I can put an expiration date on the certificate, but that's not enough. I can accumulate a lot of exposure in a few seconds, much less weeks.
I know I can put a reliance limit in the X.509 ver 3 certificate, but that's not enough. Even a $1 limit could be used many millions of times.
Is it feasabile to say: Can only be relied on once per day/week/month?
Undeniable digital signatures. They're not 'undeniable' differently from normal digital signatures, but they do require the cooperation of the signer to confirm the signature. Thus, a KCA could decide only to verify a signature 50 times, or once per day (or once per being paid the $10 signature verification fee.) Schneier has a decent amount on undeniable digital signatures. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume