on the term `signature'
Paul Robichaux
paul at poboy.b17c.ingr.com
Mon Oct 25 06:39:06 PDT 1993
-----BEGIN PGP SIGNED MESSAGE-----
In a list message, Ray Cromwell wrote:
> Get a clue for god's sake. Digital signatures won't exist in a vacuum.
> No one is going to accept the validity of a signature unless it is signed by
> some trusted/certified authority and that authority would be liable for the
> person's true name or actions.
> This is exactly how Apple's new DSA system works.
Actually, not. Apple's PowerTalk environment uses persona certificates
right now, although entities may buy RSA's Safekeeper boxes
("tamperproof" titanium key generators) to generate actual warranted
keys.
All a persona certificate says is that key X belongs to person Y. No
warranty, express or implied, is granted. If I have a persona
certificate, say, from Dun & Bradstreet, all D&B is claiming is that
the key on that certificate belongs to *me*. They could potentially be
liable if the key actually belonged to someone else, but they wouldn't
be liable if I used that key to embezzle $10M from the EFF Digital
Credit Union.
- -Paul
- --
Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact.
Intergraph Federal Systems | Be a cryptography user - ask me how.
** Of course I don't speak for Intergraph. **
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLMvSqSA78To+806NAQEiaQQA5GufDI2U3MOLL9r4APbukz8GZeP3rEkQ
X8NIuOkihCz3DXbllyneUFaIxKuZ9RJdOFswypDIdQMNPvNACXysYpCv++/dQt5/
Lrn93pv66ksh4AaDo69EfvCHnMJd4CkJWMx37z11sXHfl+JvAIFp5VAKfgNNvmn5
zsY8fpg9dsI=
=ohfr
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list