key checks

Brad Fitzpatrick brad at danga.com
Mon May 23 12:56:40 PDT 2005


On Mon, 23 May 2005, Imran Ghory wrote:

> > The keys change so rarely that I'm counting on this logic:
> >
> >   if (check signature with DSA public key from cache) {
> >        return GOOD;
> >   } else if (check signature with DSA public key, not cached) {
> >        return GOOD;
>
> Doesn't that assume that the key coming from the ID server will always be good ?
>
> Also what if a security concious id server wants to have regular
> (daily/weekly/monthly) changing keys ?

Hence the "else if" check.  It checks the signature first with the cached
copy.  If it fails, it assumes the public key changed and fetches it
again, then redoes the DSA verification.


>
> Imran
>
>


More information about the yadis mailing list