On 5/2/09 03:23, Kyle Hamilton wrote:
There are two states in the NIST key state transition diagram that are appropriate to this entire concept... "compromised" (state entered when the private information associated with it -- i.e., the private key and its passphrase, and has only one possible state transition from it)
Sorry, Kyle, I don't parse that. Is there a missing phrase like "is not reliable to protect information" ?
and "compromised destroyed" (state entered either from "compromised", when no information is protected with that key anymore,
This may imply a definition by usage, rather than an objective definition of when to change state?
or from "destroyed", when no information is protected with that key and it is later found to have been compromised during its non-destroyed period). Once a key is in compromised state, it can never become uncompromised again.
OK, I see that. I find a definition of "compromise" as interesting. I did observe that argument over somewhere else when one protagonist said "compromised" means we can't show it isn't revealed, and someone else said "compromised" means we can show me it is revealed....
iang ps: Kyle, are you on the new list yet? _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
