| C) Don't settle for less than X.509 ver 3, because this allows the | certificate to carry within it a reference to the location of the CRL | list. Use that feature.
Does X.509 version 3 fix the problem that Ross Anderson points out in his 'Robustness Principles' paper? (Crypto '95 proceedings, or ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z)
I don't believe that it does. For those who missed it, the problem is that the encryptor in an encrypt-before-signing protocol is able to use his knowledge of the factorization of the encryption modulus to compute a discrete log, and forge another message for which the signature is also valid (after registering the new exponent). - Mark - -- Mark Chen chen@intuit.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D