[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-repudiation vs. revocation


At 02:27 PM 11/10/97 +0200, Camillo Sdrs wrote:
>Carl Ellison wrote:
>> To be sure of that, you need the card itself to display to you what 
>> it's signing -- not just a hash.
>> The problem is so difficult that we're forced to fall back on trusting 
>> our H/W and OS as if it were a TCB -- which it isn't.  Therefore,
>> non-repudiation is really out of the question.
>I do understand that total non-repudiation is out of the question. 
>However, I fail to see why it would not work in some circumstances, say
>when you are signing a SPKI cert.  Provided that we identify some standard
>SPKI auths, I think it would be fairly simple to devise a smartcard that
>can parse such auths and present them to the user for signing.
>Just a thought.  But I like it. :-)  Then again, I've been known to be
>wrong, repeatedly.

For that matter, if smart cards are cheap enough, each card can have one 
private key and each private key can have one authorization -- and the 
authorization can be written on the card in permanent ink in a box like 
today's credit card signature boxes.  That way, the user can know what he's 
authorizing at the time he uses the card.

This can be improved, in some high volume cases (e.g., credit card usage) by 
having the authorization printed on the card in color with nice logos and 
maybe even holograms.

(No, I'm not being facetious here.  I believe this is a logical course of

 - Carl

Version: PGP for Personal Privacy 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |