At 3:02 PM 5/16/96, Lyal Collins wrote:

Signing anything is somewaht a waste of time, unless the verification siftware is highly trusted, and there is good intergity/authenticity control of the root public key(s). So, in geneal - ho hum - until trusted hardware is available on the desktop.

Unless I am misunderstanding your message (terseness has its disadvantages), this is not really true. * Checking the signature on a signed applet is a kind of "sanity check" on the source of the software. It is rather unlikely, I think, that a malicious agent will corrupt or infect one's verification software so as to make untrusted applets looks trusted. (Ignoring what "trust" means for now.) * To wit, if you (Lyal Collins) run a signature verification applet downloaded, say, from Sun, and some time has passed and you have heard no reports that, say, Silicon Graphics broke into Sun and replaced all of Sun't applets with a malicious version, and if you have checked Sun's signature against published values (that is, you have used a public key widely disseminated, and not repudiated), then you can very probably "trust" this signature-checking procedure. (One can construct fanciful scenarios in which one's OS has been corrupted, one's microprocessor has been replaced, etc., but these are clearly fringe events. All security is economics....) (Note: I expect at least one person to argue that this is indeed a concern. Again, look to economics. How do you _really_ know that your "mother" is really your mother, and not a stranger who entered your life minutes after your birth? How do you _really_ know that a vending machine of Cokes is not able to detect your presence and give you a poisoned can of Coke?) * If one's basic signature-checking hardware and software is not compromised, signature checking works. If it _is_ compromised, you've got bigger problems. And no cryptographic system can really handle this issue. Oh, and I disagree also with the last point: "So, in geneal - ho hum - until trusted hardware is available on the desktop." What, for example, is "trusted hardware"? How does a user ever know that his hardware was not compromised at the chip factory, for example? (Not that I think this is a reasonable thing to worry about at this point, given much larger problems all around us, but I mention it to show that one gets caught in a recursive process in which one can of course never be absolutely certain of anything. The Solipsist view of things is internally consistent.) So, I'll take my chances that applet signing will be a welcome extra level of protection against malicious applets. Others are free, of course, to instead worry that their machines are insecure and the signature-checking software has cleverly been replaced by some agent trying to get them to download a malicious applet. (Of course, if They can corrupt one's crypto software, they can do all sorts of other bad things, and probably don't need to wait for you to download an applet to start doing them.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."