[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: non-repudiation vs. revocation

To: "Camillo Sdrs" <Camillo.Sars@DataFellows.com>
Subject: Re: non-repudiation vs. revocation
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 17 Nov 1997 00:55:51 -0500
Cc: spki@c2.net
In-Reply-To: <3466FDB6.9BCB2E4D@DataFellows.com>
References: <3.0.3.32.19971105145150.00c347b0@cybercash.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 02:27 PM 11/10/97 +0200, Camillo Sdrs wrote:
>Carl Ellison wrote:
>> To be sure of that, you need the card itself to display to you what 
>> it's signing -- not just a hash.
>> 
>> The problem is so difficult that we're forced to fall back on trusting 
>> our H/W and OS as if it were a TCB -- which it isn't.  Therefore,
>> non-repudiation is really out of the question.
>
>I do understand that total non-repudiation is out of the question. 
>However, I fail to see why it would not work in some circumstances, say
>when you are signing a SPKI cert.  Provided that we identify some standard
>SPKI auths, I think it would be fairly simple to devise a smartcard that
>can parse such auths and present them to the user for signing.
>
>Just a thought.  But I like it. :-)  Then again, I've been known to be
>wrong, repeatedly.

For that matter, if smart cards are cheap enough, each card can have one 
private key and each private key can have one authorization -- and the 
authorization can be written on the card in permanent ink in a box like 
today's credit card signature boxes.  That way, the user can know what he's 
authorizing at the time he uses the card.

This can be improved, in some high volume cases (e.g., credit card usage) by 
having the authorization printed on the card in color with nice logos and 
maybe even holograms.

(No, I'm not being facetious here.  I believe this is a logical course of
developments.)

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNG/cZhN3Wx8QwqUtAQFQswQAh+0Nb0u0MLOWa2V1iEGhDZv9srlD6kEv
5xk6wKVHDRevPyHHm9VY/dtEiWVE+RFmVnnCMujdNmqNSNfmr6RTDKxoHhrIL07y
wWqfJd9c9bRXwfwk7g4y+fpgJCD9rGRKpHTN8VAWhr5xmwxCoLbJdXbeHdcshw2S
q9Yax+qKmik=
=dFzC
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Re: non-repudiation vs. revocation

From: Carl Ellison <cme@cybercash.com>

Re: non-repudiation vs. revocation

From: "Camillo Sdrs" <Camillo.Sars@DataFellows.com>

Prev by Date: Re: uses of MD5 hashes
Next by Date: Re: non-key-sharing
Prev by thread: Re: non-repudiation vs. revocation
Next by thread: Re: Validity periods can be handled more explicitly
Index(es):
- Main
- Thread