
Re: non-repudiation vs. revocation


At 08:46 AM 11/6/97, Peter Gutmann wrote:
>>It is not clear at all to me that non-repudiation is possible, given the 
>>state of consumer OS and H/W development (and the Radar O'Reilly attack).  
>What is the Radar O'Reilly attack (or at least, why is it called that)?  I 
>assume he got the colonel (or whoever) to sign something other than what he 
>thought he was signing, but more precise details would be useful.  
>I've sent this question as private mail, but other members of the SPKI list 
>may like to know as well.

Sorry -- it's M*A*S*H trivia.  Yes, Radar would get Col. Blake to sign 
things by slipping them in under things that were legitimately signed and 
then flip pages.  With private key in a smart card, once you activate the 
card for one thing, you can't be sure that that's what really got signed.

To be sure of that, you need the card itself to display to you what it's 
signing -- not just a hash.

The problem is so difficult that we're forced to fall back on trusting our 
H/W and OS as if it were a TCB -- which it isn't.  Therefore, 
non-repudiation is really out of the question.

 - Carl


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
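
A toy model of the point made in the message above, added here as an illustration and not part of the original post: a card that is handed only a hash cannot show the user what it is signing, while a card that receives and displays the document itself lets the user refuse a substitution. HMAC-SHA256 stands in for the card's private-key signature, and all class, function and document names are hypothetical.

```python
import hashlib
import hmac

CARD_KEY = b"constructed-demo-key"  # stands in for the private key inside the card

def _sign(digest: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for a private-key signature (stdlib only).
    return hmac.new(CARD_KEY, digest, hashlib.sha256).digest()

def verify(document: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(_sign(hashlib.sha256(document).digest()), signature)

class HashOnlyCard:
    """Receives a digest from the host; has nothing meaningful to show the user."""
    def sign(self, digest: bytes, user_approves) -> bytes:
        if not user_approves(None):  # None: the card displays nothing readable
            raise PermissionError("user refused")
        return _sign(digest)

class DisplayingCard:
    """Receives the whole document, displays it itself, then hashes and signs it."""
    def sign(self, document: bytes, user_approves) -> bytes:
        if not user_approves(document):
            raise PermissionError("user refused what the card displayed")
        return _sign(hashlib.sha256(document).digest())

def host_session(card, shown: bytes, submitted: bytes):
    """Untrusted host: puts `shown` on its own screen, sends `submitted` to the card.
    Returns the signature, or None if the user refused to approve."""
    def user_approves(card_display):
        # The user trusts the card's display when it has one; otherwise the
        # host's screen is all there is to go on.
        seen = shown if card_display is None else card_display
        return seen == shown  # the user only intends to sign `shown`
    if isinstance(card, HashOnlyCard):
        payload = hashlib.sha256(submitted).digest()
    else:
        payload = submitted
    try:
        return card.sign(payload, user_approves)
    except PermissionError:
        return None

INTENDED = b"constructed: routine supply requisition"
SLIPPED = b"constructed: a different document"

if __name__ == "__main__":
    sig = host_session(HashOnlyCard(), INTENDED, SLIPPED)
    print("hash-only card signed the slipped-in document:", verify(SLIPPED, sig))
    print("displaying card signs it:", host_session(DisplayingCard(), INTENDED, SLIPPED) is not None)
```
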