CDR: Re: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)

Ray Dillinger bear at sonic.net
Thu Nov 16 10:48:16 PST 2000



On Thu, 16 Nov 2000, John Young wrote:

>Still, is there no alternative to giving government and
>corporations first, if not exclusive, choice on the best 
>products and services, 

Not if you plan to make a legal profit, there isn't. After 
all, government and corporations are the people with the 
money. 

>Now, none of this applies to Bruce's evolving computer
>security body of work, which is most impressive. It's just not
>clear what will evolve as Counterpane takes more of his
>time and effort. 

Which mostly consists of pointing out flaws and problems with 
things other than the encryption/decryption algorithms in use: 
Bits of it are definitely worth a read between auditing routines 
in your code.  (oh yeah, I have 64 bits of key in this local 
variable, and I'm exiting the routine: better remember to write 
over them so whatever grabs the memory next can't read them....
and while I'm at it, I better declare that 'volatile' so the 
system can't swap it to disk...) 

This stuff is why you can't just plug libraries together and 
have a good crypto product; a 'math library' made for crypto 
has to do fundamental things to prevent other applications 
getting their hands on 'numbers' that a math library for general 
application does not have to do.  Ditto a windowing or GUI system 
made for crypto, etc.  All these slap-together GUI programs 
made with MFC etc. that we're seeing are a completely wrong 
approach for cryptographic software; you can't make that stuff 
secure, you have to write your own.  And this is what Schneier 
has been pointing out. And thank goodness somebody's been 
pointing it out. 

>Cybercrime begins with criminalizing digital information, 
>that is, to regulate who gets access to private secrets,
>who runs the protection rackets: "don't trust your
>computer" is the next step after "don't trust the Internet."
>Confidence in both requires the assurance services of 
>who? Ah yes, I see.

But for Homer Husband and Harriet Housewife, this is a valid 
point.  We can download source, audit it, compile it, and then 
audit the crucial bits of binary to make sure nothing funny 
is going on with our compilers.  We, as technogeeks and cryptogeeks, 
can set up our own trusted machines.  But Homer and Harriet can't 
count to eleven without someone lending them a hand, and without 
training and dedication, there is no way in hell that they can 
hold enough stuff in their heads to set up a trusted machine on 
their own - thus "trust" will always be a leap of faith. 

However, even with a "machine trust" issue in the way, I don't 
see that digital signatures are *less* secure than the types of 
signatures now accepted in court.  After all, signature forgery 
on paper documents is not unknown or impossible either, and the 
"Digital signature act" earlier this year allows unencrypted (!) 
HTTP requests received via the internet to be held as signatures 
in court. 

There is a fundamental schism here between the "identity is meat" 
school of thought in which our legal system is based and the 
"identity is bits" school of thought manifested in digital signature 
protocols. But that's a more fundamental idea, and I want to address 
it in a different post. 

				Bear
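The key-in-a-local-variable habit Bear describes above (wipe the key bytes before the routine returns so the next owner of that memory cannot read them) is easy to get wrong in C, because a plain memset() on a buffer that is never read again is a dead store the optimizer may drop. The following is an added example, not code from the post or from any project it mentions. It assumes a Linux/POSIX system: the volatile qualifier here serves to keep the compiler from eliding the wipe, and mlock(2) is what keeps the pages out of swap. The key bytes and the checksum routine are constructed stand-ins for real key material and real crypto.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 8   /* 64 bits of key, as in the post */

/* Naive wipe: legal for an optimizing compiler to remove entirely when
   'p' is a local that is never read after this call (dead store). */
void naive_wipe(void *p, size_t n)
{
    memset(p, 0, n);
}

/* Hardened wipe: stores through a volatile pointer are side effects the
   compiler must perform, so the zeroing survives optimization. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of p[0..n) is zero, else 0. Constant-time
   style accumulation so the check does not short-circuit on content. */
int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Pin the pages holding the key so they are not written to swap.
   Returns 1 on success, 0 if the lock was refused (e.g. RLIMIT_MEMLOCK);
   the caller should still proceed and still wipe. */
int pin_in_ram(void *p, size_t n)
{
    return mlock(p, n) == 0;
}

void unpin(void *p, size_t n)
{
    (void)munlock(p, n);
}

/* Constructed stand-in for a keyed operation: FNV-1a over key || msg. */
uint64_t keyed_checksum(const unsigned char *key, size_t klen,
                        const unsigned char *msg, size_t mlen)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < klen; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < mlen; i++) { h ^= msg[i]; h *= 1099511628211ULL; }
    return h;
}

/* The pattern from the post: key lives in a local, is used, then wiped
   before the routine exits. *wiped reports whether the wipe took effect,
   *locked reports whether the pages could be pinned. Returns 0. */
int process_with_local_key(const unsigned char *msg, size_t mlen,
                           uint64_t *out, int *wiped, int *locked)
{
    unsigned char key[KEY_LEN] = { 0x1f, 0x2e, 0x3d, 0x4c,
                                   0x5b, 0x6a, 0x79, 0x88 }; /* constructed */
    *locked = pin_in_ram(key, sizeof key);
    *out = keyed_checksum(key, sizeof key, msg, mlen);
    secure_wipe(key, sizeof key);
    *wiped = is_zeroed(key, sizeof key);
    if (*locked)
        unpin(key, sizeof key);
    return 0;
}

int main(void)
{
    const char *msg = "constructed sample message";
    uint64_t out; int wiped, locked;
    process_with_local_key((const unsigned char *)msg, strlen(msg),
                           &out, &wiped, &locked);
    printf("checksum=%016llx wiped=%d pages_locked=%d\n",
           (unsigned long long)out, wiped, locked);
    return 0;
}
```

The point of reading the key back in is_zeroed() is only to make the wipe observable in a test; production code would not touch the buffer again, which is exactly the situation in which naive_wipe() is at risk of being optimized away. Where a platform offers explicit_bzero() or memset_s(), those are the idiomatic replacements for the hand-rolled volatile loop.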

More information about the cypherpunks-legacy mailing list