Open vaudenay opened 4 years ago
K_A could be stolen by a malware or coercion attacks. If K_A is stolen, A can be impersonated in HELLO_A messages and in communication with the server (status check, retrival of new EBIDs). A TPM could help protecting K_A.
Maybe K_A should rotate at every connection with server.
Thanks, @vaudenay. We are still working on the protocol to improve it, considering TPM is still on the table.
K_A could be stolen by a malware or coercion attacks. If K_A is stolen, A can be impersonated in HELLO_A messages and in communication with the server (status check, retrival of new EBIDs). A TPM could help protecting K_A.