CDR: Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)

Ken Brown k.brown at ccs.bbk.ac.uk
Thu Nov 16 03:02:04 PST 2000


Jim Choate wrote:
> 
> On Wed, 15 Nov 2000, R. A. Hettinga forwarded from a 3rd party:
> 
> > > When the same judge sees a digital signature, he doesn't know anything
> > > about Alice's intentions.  He doesn't know if Alice agreed to the document,
> > > or even if she ever saw it.
> 
> It's nice to see somebody else recognize the fundamental flaw with PKC is
> the god-damned key management.

You didn't even read the posting, did you?

That isn't what he said at all.

He said that the problem with ALL use of computers (which for this
purpose include mobile phones, car locks, smart-cards, ATMs etc. etc.)
for authentication is the binding between the person & the system that
does the authentication. It doesn't matter a dam whether you use PKC,
DES or the Great Seal of the Holy Roman Empire. If the equipment isn't
tamper-proof, or if the signer doesn't understand how the process works
or if the software isn't provably valid, there can be a problem. 

Ken




