CDR: Re: Non-Repudiation in the Digital Environment (was Re: FirstMonday August 2000)

Ed Gerck egerck at nma.com
Fri Oct 20 12:08:38 PDT 2000



Bob Jueneman wrote:

> Let's put this problem in perspective, and try to avoid the "chicken little, the sky is falling" syndrome.
>
> It's quite unlikely that someone would come up with  "Eureka!" type of solution to factoring large numbers that would end up completely breaking RSA, or that some way would be found to completely break the integrity of SHA-1.

Well said. SHA-1 works as a many-to-one function and this alone makes it impossible to break if
well applied.  Simply, no global inverse function exists for a many-to-one function (even
though a local inverse may exist, but in this case SHA-1 would not have been well applied).
This is a  mathematical fact. Matters with RSA are still unproven, though, but it is not probable
that it will be broken any time soon in a wide scale.

However, this is not what concerns me at all.  PKI is the problem.  It does not work and it
will not work on a global scale.  E-commerce itself has moved away from PKI for no other
reason.

The problem then is the E-sign Act and state legislation following on its heels, which
not only blurs IMO what a digital signature is but also does not deal adequately with the
liability issues for the different parties involved.

In this scenario, what if  we see a blind push for a global PKI and also include non-repudiation
as an "absolute authentication" based on some mythical "trusted  machines" -- as has been
suggested recently in the good name of e-commerce?

Cheers,

Ed Gerck






More information about the cypherpunks-legacy mailing list