From: remail@tamsun.tamu.edu
Date: Sat, 2 Oct 93 10:14:21 PDT
To: cypherpunks@toad.com
Subject: RSA in new Apple productRSA in new Apple product
Message-ID: <9310021713.AA29525@tamsun.tamu.edu>
MIME-Version: 1.0
Content-Type: text/plain


From a discussion of Powertalk in TidBITS#195/27-Sep-93, an online zine
published by "Adam C. Engst" <ace@tidbits.com>:


------------------- forward ---------------------------------------

Key Chain
  The Key Chain is the third new Desktop icon and perhaps the most
  important PowerTalk feature. It provides quick, transparent access
  to any number of password-protected servers or services through a
  single system-wide logon password. All applications and services
  are integrated with a single security model. For every service,
  the user creates a key. Each key has account information,
  communications settings (such as. modem settings, addresses, and
  system identifiers), and an encrypted password. After this one-
  time setup, the user attaches the key to the Key Chain and can
  forget the password. From now on, the system will automatically
  and transparently connect to the protected service when needed.

  Apple feels that this mechanism is especially secure since a user
  will find it easier to remember a single, frequently-used password
  and will be less likely to write down a list of passwords. At any
  time, you can lock the Key Chain by issuing a command or through
  an inactivity time-out. When the Key Chain locks, all windows
  containing information from protected services are hidden.

  Apple claims that PowerTalk is more secure than most other off-
  the-shelf software solutions since those use less secure
  algorithms to avoid export restrictions. Apple is the first
  company to receive an export license for a DES-based product.

  A new "I am at..." menu item (e.g. Home, Office, Car, Hotel) lets
  the system know which services are accessible and automatically
  resets communications settings for Ethernet, modem connection,
  packet radio, etc. so the system can continue to transparently
  establish connections over available media.

  A PowerTalk server can act as a trusted party in establishing
  authenticated communications across the net. Network traffic is
  encrypted with the RC4 algorithm of RSA and delivered via ASDSP
  (Apple Secure Datastream Protocol). ASDSP adds only about ten
  percent to the communication overhead. At least in the initial
  release, peer-to-peer traffic cannot be encrypted. [Sorry for all
  the acronyms! RSA is a company. -Tonya]

  Digital signatures, based on RSA Public Key Encryption, provide a
  secure way of ensuring data has not been altered and was signed by
  a particular person. The mechanism is similar to Kerberos [a
  security system developed at MIT -Adam], which was not mature
  enough at the critical point in PowerTalk development. Apple
  anticipates supporting Kerberos in a future PowerTalk release.

  To sign a document, simply drops it on a Signer icon. A prompt for
  the personal signer code then appears on the screen. If the
  content of the signed document later changes in any way, the
  signature becomes invalid. While being signed, a file
  automatically is locked to avoid inadvertent invalidation. The Get
  Info window of a signed file is used to uncheck the file lock, and
  it contains a Verify button with which the recipient can assert
  the integrity of the file and authenticity of its signature.

  Large companies can become trusted signature issuing agents for
  their employees by obtaining a titanium blackbox with key
  interlocks from RSA. The box contains a certain number of key
  combinations and can be connected to a Macintosh which runs an
  RSA-signed signature issuing application. Individuals can acquire
  a personal signature code through a notary. RSA always is at the
  root of the issuing process and signatures expire after two years.
  The issuing cost of a digital signature runs about $25.

  One limitation of the signature mechanism, at least in the initial
  implementation, is that only one signature can be attached to a
  document. This may be worked around by designing forms such that
  each signatory vouches for the authenticity of the previous
  sender's signature.

 For an APS price list, send email to: <aps-prices@tidbits.com>

 For information on TidBITS: how to subscribe to our mailing list,
 where to find back issues, how to search issues on the Internet's
 WAIS, and other useful stuff, send email to: <info@tidbits.com>
 Otherwise, contact us at: ace@tidbits.com * CIS: 72511,306
 AppleLink & BIX: TidBITS * AOL: Adam Engst * Delphi: Adam_Engst
 TidBITS * 1106 North 31st Street * Renton, WA 98056 USA
 ----------------------------------------------------------------