Cold Signing Payment Requests



Summary:

In an email conversation, Mike Hearn and Timo Hanke discussed a proposal to sign payment requests with keys kept offline. Hearn expressed his belief that chaining a custom cert onto the end of the SSL cert would not work, since it would defeat the purpose of "cold signing". The goal of the proposal is to allow delegation of signing authority without giving the delegate the SSL private key. Hearn clarified that the goal was not to protect against web server compromise, but rather to avoid exposing the key to theft in the way a hot wallet is exposed. Hearn believed that the SSL PKI cannot handle compromised web servers. However, Hanke thought that web server compromise was not the focus of the proposal at this moment. He pointed out that the proposal differentiated between "most trusted" and "less trusted" keys (certs), and that it could live with the SSL PKI being less trusted for its purpose.


Updated on: 2023-06-06T15:34:59.864362+00:00