MikeBishop / http2-certs

Enabling client certificate authentication in HTTP/2

Cross-protocol interaction #4

Open martinthomson opened 8 years ago

martinthomson commented 8 years ago

This usage creates another context in which the same key is used for signing in two different contexts. We need to be careful to a) make sure that those signatures can't be transplanted elsewhere, and b) document that we have done so.

grittygrease commented 6 years ago

The signature covers the context string "Exported Authenticator" (which is not NULL-terminated). I'll add that text to the security considerations.
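The domain separation discussed in this thread, as an added example that is not part of the issue or the draft's own code: it builds the signature input in the TLS 1.3 CertificateVerify layout (64 octets of 0x20, the context string, one zero octet, the content) and checks that a signature made under one context does not verify under another. HMAC-SHA256 stands in for the certificate key's signature scheme so the block runs on the standard library alone; the key, the transcript and all function names are constructed for the illustration.

```python
import hashlib
import hmac

PAD = b"\x20" * 64  # 64 space octets, as in TLS 1.3 CertificateVerify (RFC 8446, 4.4.3)
CONTEXTS = {
    "tls13_server": b"TLS 1.3, server CertificateVerify",
    "tls13_client": b"TLS 1.3, client CertificateVerify",
    "exported_authenticator": b"Exported Authenticator",  # string quoted in this thread
}
# Constructed sample values, not taken from any real connection.
DEMO_KEY = b"constructed-demo-key"
DEMO_TRANSCRIPT_HASH = hashlib.sha256(b"constructed authenticator transcript").digest()

def signed_content(context: bytes, content: bytes) -> bytes:
    """Bytes that are actually signed: padding, context, one zero octet, content."""
    if b"\x00" in context:
        raise ValueError("a zero octet inside the context would make the split ambiguous")
    return PAD + context + b"\x00" + content

def split_content(blob: bytes) -> tuple[bytes, bytes]:
    """Recover (context, content): the first zero octet after the padding ends the context."""
    if blob[:64] != PAD or b"\x00" not in blob[64:]:
        raise ValueError("not in the padded context layout")
    context, _, content = blob[64:].partition(b"\x00")
    return context, content

def toy_sign(key: bytes, context: bytes, content: bytes) -> bytes:
    """Stand-in for the real signature scheme (assumption: HMAC-SHA256, stdlib only)."""
    return hmac.new(key, signed_content(context, content), hashlib.sha256).digest()

def toy_verify(key: bytes, context: bytes, content: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(toy_sign(key, context, content), sig)

def transplant_matrix(key: bytes = DEMO_KEY, content: bytes = DEMO_TRANSCRIPT_HASH) -> dict:
    """Sign under each context, then try to verify under every context with the same key."""
    matrix = {}
    for signed_as, sign_ctx in CONTEXTS.items():
        sig = toy_sign(key, sign_ctx, content)
        for checked_as, check_ctx in CONTEXTS.items():
            matrix[(signed_as, checked_as)] = toy_verify(key, check_ctx, content, sig)
    return matrix

if __name__ == "__main__":
    for (signed_as, checked_as), ok in transplant_matrix().items():
        print(f"signed as {signed_as:<22} checked as {checked_as:<22} accepted={ok}")
```

Only the diagonal of the matrix is accepted: the same key and the same content produce a signature that is valid in exactly the context it was made for.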