
Wait, what good is a signature then if you can craft it? I may have misunderstood, would appreciate a dumbed down answer.


A signature is good in this use case:

1) You have a public key you trust.

2) You get a message + hash + signature. You want to verify.

What we had here is:

1) There is a DNS record with a signature value only.

2) You send the public key + the message, and want to get the same signature value.

This isn't secure, as per the article.
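An added example, not part of the thread or of the article it discusses, contrasting the two cases in the answer above with toy textbook RSA. The key parameters, sample messages and function names are all constructed for illustration.

```python
import hashlib

# Toy textbook RSA (no padding) over two Mersenne primes; illustration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
TRUSTED_KEY = (N, E)  # first case: the verifier already holds and trusts this key

def digest(message: bytes) -> int:
    # Truncated SHA-256 so the value fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")

def sign(message: bytes) -> int:
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int, key: tuple) -> bool:
    n, e = key
    return pow(signature, e, n) == digest(message)

def check_pinned(message, signature, supplied_key=None):
    # Secure shape: the key comes from the verifier's own trust store,
    # whatever key the caller sends along is ignored.
    return verify(message, signature, TRUSTED_KEY)

def check_unpinned(message, signature, supplied_key):
    # Shape described in the thread: only the signature value is stored,
    # and the caller brings both the message and the key.
    return verify(message, signature, supplied_key)

def key_matching(signature: int, message: bytes) -> tuple:
    # Why the unpinned shape fails: the key is chosen after the signature is
    # known. With e = 1 and n = signature - digest, signature mod n == digest.
    h = digest(message)
    assert signature - h > h, "toy construction needs signature > 2 * digest"
    return (signature - h, 1)

def demo() -> dict:
    original = b"record owned by alice"   # constructed sample messages
    other = b"record owned by mallory"
    published = sign(original)            # the only value stored in the record
    crafted = key_matching(published, other)
    return {
        "pinned_original": check_pinned(original, published),
        "pinned_other": check_pinned(other, published, crafted),
        "unpinned_other": check_unpinned(other, published, crafted),
    }
```

The same stored signature value verifies for a different message once the verifier lets the caller choose the key, which is why the trusted key has to be fixed before verification.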



