| The per-round RSA private key lives in the coordinator's memory for the duration of an active round and is structurally dropped (and cryptographically zeroized) at the end of the round. This section is the threat-model treatment of that window in its bounded form, post-AUDIT-03.
this section implies there's a threat model associated with this design requirement but no such threat exists: the secrecy of the server credentials only protects liveness, and there is no rationale for zeroing the key material (the information about the transaction, on the other hand, does make sense to zero for forward privacy in the event of server compromise after coordination)
blindjoin/docs/AUDIT-CHARTER.md
Lines 315 to 318 in 982fc28