The argument to skip hybrid keys sounds dangerous to me.
These algorithms are not widely deployed and thus real world tested at all. If there is a simple flaw, suddenly any cheap crawler pwns you while you tried to protect against state actors.
It will likely display something like a QR Code with signature anyways, otherwise it's just a glorified passport picture?
Authorities/anyone could verify that it's not counterfeit. And photo should be checked anyways to match the person.
So I also don't see the need for attestation. For ID check it should be ok without. For signing stuff ofc it is not resistant to copying. But EID smartcard function already exists.
That, + logistics and logistics security in general. I agree, the costs are real; in general, anything physical with mass = costs. So the cost savings are real too - my point is that those are instantly eaten by inflation, so going from cash to cashless and then back to cash isn't a no-op; rather, the first leg quickly turns into a no-op, then the second leg would be increasing costs.
I have a setup with separated dns and domain since 2021. Using a CSK with unlimited lifetime, I never had to rotate. And could easily also migrate both parts (having a copy of the key material)
Register only has public material
The master is bind9, and any semi-trusted provider can be used as slave/redundency/cdn getting zonetransfers including the RRsigs
TPM is good when combined with secureboot and these hashes being part of the attestation, that eliminates initramfs swapping.
Still with Physical access being a factor bustapping can happen, ftpm - if available - is much harder to crack then than a discrete module.
TPM definitely rises the effort by a lot to break it. But by default the communication with it is not encrypted, so especially for modules not built into the cpu wire/bus-tapping is a thing.
Aren't they relying on asymmetrical signing aswell?
reply