17 Dec
2003
17 Dec
'03
11:17 p.m.
oops Earlier, I said :
My limited mind induces me to think that a certificate become subject to
timing attacks on the RSA private signing key.
In this case, certificate verification processes seem flawed and highly unreliable.
I meant that on-line certificate issuing, notary and similar services where data is submitted to a system for processing/RSA encryption are subject to this for of attack. Parts of the SEPP/STT protocols appear to require this of merchants and customers. I retract my comments about ecash/echeques - I'm not sure of the implications there yet. As for SEPP/STT - another nail in the coffin, me thinks. lyal