Jim Choate wrote:
On Wed, 15 Nov 2000, R. A. Hettinga forwarded from a 3rd party:
When the same judge sees a digital signature, he doesn't know anything about Alice's intentions. He doesn't know if Alice agreed to the document, or even if she ever saw it.
It's nice to see somebody else recognize the fundamental flaw with PKC is the god-damned key management.
You didn't even read the posting did you? That isn't what he said at all. He said that the problem with ALL use of computers (which for this purpose include mobile phones, car locks, smart-cards, ATMs etc. etc.) for authentication is the binding between the person & the system that does the authentication. It doesn't matter a dam whether you use PKC, DES or the Great Seal of the Holy Roman Empire. If the equipment isn't tamper-proof, or if the signer doesn't understand how the process works or if the software isn't provably valid, there can be a problem. Ken