Authentication of signatures using public key encryption
One of Needham and Schroeder's proposed signature authentication protocols is shown to fail when there is a possibility of compromised keys: this invalidates one of the applications of their technique. A more elaborate mechanism is proposed which does not require a network clock, but does require a third party to the transaction. The latter approach is shown to be reliable in a fairly strong sense.