Yi et al. presented a protocol for mobile network authentication and key distribution based upon the DSA signature scheme. The protocol can be divided into two phases, i.e., registration phase and service phase. In this paper, we show that their scheme is insecure on the registration phase since an attacker can easily forge a certification for any exit or dummy user in their protocol and then pretend to be a legal user to communicate
with other entities.