by pclmulqdq
1306 days ago
How about he doesn't sign the PDF that is wrong? If you're imagining that this is part of some key rotation procedure, what about signing a document that says "until April 20th, 2022, 0:00 UTC our public key is X"? And then if the central source gets hacked, people will be suspicious of the PDF for a few hours, but nobody will do anything disastrous. Edit: you can also add chaining to the documents themselves: "until... the private key is X. This document supersedes the document with hash Y."
You can be in the habit of writing "I signed this message at date K" but if any of your old keys are compromised, the hacker can sign a new message with today's date to spoof a new rotation event. Without ordering these events by time, you cannot know which is the newest.
One solution is to have a log showing the timestamped key rotations. A company can store everybody's timestamped key rotations on a sqlite database and promise it won't ever be modified, or you can put these state changes in a distributed ledger. If the value of the key rotation events outweighs the cost of submitting transactions to the ledger, it may be worth it. This is unrealistic with Eth L1 but more realistic in something like a recursive zk rollup on L2.
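Added example (not code from either commenter) that puts both points side by side: the chained, time-bounded rotation statements from the first comment, and the reply's observation that chaining alone lets a holder of an old compromised key forge a plausible "new" rotation, so an append-only ordered log is still needed to pick the real tip. Assumptions: HMAC-SHA256 stands in for a real asymmetric signature so the script runs on the Python standard library alone (a real deployment would put a public key in each statement and verify with it; the chaining and ordering logic is unchanged); the key names, dates and the AppendOnlyLog class are constructed for the demo.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# --- toy signature primitive (assumption: HMAC stands in for Ed25519/RSA) ---
def _canon(stmt):
    # Canonical JSON so signer and verifier hash identical bytes.
    return json.dumps(stmt, sort_keys=True, separators=(",", ":")).encode()

def sign(key, stmt):
    return hmac.new(key, _canon(stmt), hashlib.sha256).hexdigest()

def verify_sig(key, stmt, sig):
    return hmac.compare_digest(sign(key, stmt), sig)

def stmt_hash(stmt, sig):
    """Hash the next statement names in its 'prev' field ("supersedes hash Y")."""
    return hashlib.sha256(_canon(stmt) + sig.encode()).hexdigest()

# --- rotation statements: "until <valid_until> our key is <key_id>; supersedes <prev>" ---
def make_statement(signing_key, new_key_id, valid_until, prev):
    stmt = {"key_id": new_key_id, "valid_until": valid_until.isoformat(), "prev": prev}
    return {"stmt": stmt, "sig": sign(signing_key, stmt)}

def verify_chain(chain, keys, genesis_key_id):
    """Walk the chain from a trusted genesis key. Each statement must be signed by
    the key announced in the previous one, reference the previous hash, and not
    move the validity window backwards. Returns (current_key_id, tip_hash) or None."""
    signer, prev_hash, last_until = genesis_key_id, None, None
    for entry in chain:
        stmt, sig = entry["stmt"], entry["sig"]
        if stmt["prev"] != prev_hash or not verify_sig(keys[signer], stmt, sig):
            return None
        until = datetime.fromisoformat(stmt["valid_until"])
        if last_until is not None and until < last_until:
            return None
        signer, prev_hash, last_until = stmt["key_id"], stmt_hash(stmt, sig), until
    return signer, prev_hash

def key_valid_at(entry, now):
    return now < datetime.fromisoformat(entry["stmt"]["valid_until"])

# --- the reply's fix: an append-only, ordered log of statement hashes ---
class AppendOnlyLog:
    def __init__(self):
        self.entries = []
    def append(self, h):
        self.entries.append(h)
    def tip(self):
        return self.entries[-1]

def accepted_by_log(chain, keys, genesis_key_id, log):
    """Chain must verify AND end at the hash the log records as current."""
    result = verify_chain(chain, keys, genesis_key_id)
    return result is not None and result[1] == log.tip()

# --- constructed scenario ---
NOW = datetime(2022, 4, 19, 12, 0, tzinfo=timezone.utc)
K1, K2, K_EVIL = b"key-1-secret", b"key-2-secret", b"attacker-key"
KEYS = {"k1": K1, "k2": K2, "k_evil": K_EVIL}  # stands in for published public keys

S0 = make_statement(K1, "k1", NOW + timedelta(hours=12), None)           # genesis, self-signed
S1 = make_statement(K1, "k2", NOW + timedelta(days=30),
                    stmt_hash(S0["stmt"], S0["sig"]))                    # honest rotation k1 -> k2
LOG = AppendOnlyLog()
LOG.append(stmt_hash(S0["stmt"], S0["sig"]))
LOG.append(stmt_hash(S1["stmt"], S1["sig"]))

# Later, the retired k1 leaks. The attacker forges a rotation "dated today" that
# chains correctly from S0, exactly the fork the reply warns about.
FORGED = make_statement(K1, "k_evil", NOW + timedelta(days=60),
                        stmt_hash(S0["stmt"], S0["sig"]))

def honest_result():
    return verify_chain([S0, S1], KEYS, "k1")

def forged_result():
    return verify_chain([S0, FORGED], KEYS, "k1")

def honest_accepted():
    return accepted_by_log([S0, S1], KEYS, "k1", LOG)

def forged_accepted():
    return accepted_by_log([S0, FORGED], KEYS, "k1", LOG)

if __name__ == "__main__":
    print("chain-only verdicts:", honest_result()[0], forged_result()[0])
    print("with ordered log:", honest_accepted(), forged_accepted())
    print("S0 still valid at NOW:", key_valid_at(S0, NOW))
```

Both chains pass verify_chain, because a forged statement signed by the compromised old key satisfies every local check; only comparing the chain's tip to the log's recorded tip rejects the fork. The validity window limits how long a stale statement stays usable, as the first comment intends, but it does not by itself order two competing rotations.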