[8967] in cryptography@c2.net mail archive


Re: Sender and receiver non-repudiation

daemon@ATHENA.MIT.EDU (Lynn.Wheeler@firstdata.com)
Tue Jul 3 17:25:54 2001

To: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>
Cc: Panayiotis Kotzanikolaou <pkotzani@unipi.gr>,
	<cryptography@wasabisystems.com>
From: Lynn.Wheeler@firstdata.com
Date: Tue, 3 Jul 2001 14:09:41 -0700
Message-ID: <OF98B80E00.2C9C447A-ON88256A7E.00743E41@fdcsg.1dc.com>
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii



all true

it was part of the original point ... which was that much of the writing
about security in conjunction with digital signatures .... all have to do
with the responsibilities of certification authorities.

However, it is possible to have a totally insecure infrastructure with the
best certification authority along with their best policies and practices
... and still have a situation like the "Emperor's new clothes".

It is further possible to have a terribly secure infrastructure with secure
chip-card, secure public/private keys, secure display, secure processes,
along with trusted digital signatures ... and have absolutely no
certificates.

In lots of cases, you can treat certification authorities and certificates
as totally orthogonal to the issues involved in trusting digital
signatures.

some random refs:
http://www.garlic.com/~lynn/subtopic.html#fraud
http://www.garlic.com/~lynn/subtopic.html#privacy
http://www.garlic.com/~lynn/subtopic.html#sslcerts
http://www.garlic.com/~lynn/subtopic.html#radius




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
