When encryption is also authentication...

[Mike Rosing]

On Wed, 29 May 2002, Curt Smith wrote:

> I agree that under-the-hood encryption is becoming more and
> more prevalent, and that it generally improves security.  Also,
> the widespread use of encryption technology helps protect
> cryptorights in general as important to the public good.

This is kinda the opposite of...

> Both legally-binding and authentication technology should not
> be completely transparent.  Even "EULA's" require
> user-intervention.  Digitally signed messages should require
> user-intervention.

this.  Having it be "transparent" where the user doesn't need to know
anything about how it works does not have to destroy the effectiveness of
digital signatures or crypto.  When people sign a document they don't know
all the ramifications because few bother to read all of any document they
sign - most of it won't apply as long as you keep your part of the bargin,
so why bother?

The same thing should be true of digital signatures.  The user shouldn't
have to know a thing, other than they've made a promise they better keep
or all the bad clauses really do apply, and the proof of their signature
will come to haunt them.  The way the digital signature works does not
matter to them, and it shouldn't need to.

If digital crypto, signatures or e-cash are going to get into mass appeal,
then their operations will be "magic" to the majority.  And it all has to
work, to 1 part in 10^8th or better, without user comprehension.

It may well take "user intervention" to create a signature, but they
shouldn't have to know what they are doing.

Patience, persistence, truth,
Dr. mike