You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RECOMMENDATION: Do not use the same signature keypair across
groups. Update all keys for all groups on a regular basis. Do not preserve
keys in different groups when suspecting a compromise.
Does anyone actually do this? This seems like a real challenge for KT.
The text was updated successfully, but these errors were encountered:
This seems like an unnecessary recommendation. If handshake messages are unencrypted, then you don't need to infer membership from signatures. You can see the Add proposal for any member, containing the credential with their identity. If handshake messages are encrypted, the signature isn't visible.
This was originally a general cryptographic key separation consideration. I removed it from that privacy section.
The issue of reusing the same key across groups is that you can cross reference but there is already a sentence about this somewhere else. Fixed by in 241
Does anyone actually do this? This seems like a real challenge for KT.
The text was updated successfully, but these errors were encountered: