-----BEGIN PGP SIGNED MESSAGE----- In a list message, Ray Cromwell wrote:
Get a clue for god's sake. Digital signatures won't exist in a vacuum. No one is going to accept the validity of a signature unless it is signed by some trusted/certified authority and that authority would be liable for the person's true name or actions.
This is exactly how Apple's new DSA system works.
Actually, not. Apple's PowerTalk environment uses persona certificates right now, although entities may buy RSA's Safekeeper boxes ("tamperproof" titanium key generators) to generate actual warranted keys. All a persona certificate says is that key X belongs to person Y. No warranty, express or implied, is granted. If I have a persona certificate, say, from Dun & Bradstreet, all D&B is claiming is that the key on that certificate belongs to *me*. They could potentially be liable if the key actually belonged to someone else, but they wouldn't be liable if I used that key to embezzle $10M from the EFF Digital Credit Union. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLMvSqSA78To+806NAQEiaQQA5GufDI2U3MOLL9r4APbukz8GZeP3rEkQ X8NIuOkihCz3DXbllyneUFaIxKuZ9RJdOFswypDIdQMNPvNACXysYpCv++/dQt5/ Lrn93pv66ksh4AaDo69EfvCHnMJd4CkJWMx37z11sXHfl+JvAIFp5VAKfgNNvmn5 zsY8fpg9dsI= =ohfr -----END PGP SIGNATURE-----