1995-02-07 - Re: dna ink

Header Data

From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 631dfea32098cb1a9d4ce498651ba92f1191b35348bddb3a778bee1d3546a01b
Message ID: <199502071926.LAA21751@largo.remailer.net>
Reply To: <9502071246.AA06847@snark.imsi.com>
UTC Datetime: 1995-02-07 19:28:01 UTC
Raw Date: Tue, 7 Feb 95 11:28:01 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Tue, 7 Feb 95 11:28:01 PST
To: cypherpunks@toad.com
Subject: Re: dna ink
In-Reply-To: <9502071246.AA06847@snark.imsi.com>
Message-ID: <199502071926.LAA21751@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: "Perry E. Metzger" <perry@imsi.com>

   Digital "signatures" are the first real unforgeable authentication
   technology mankind has developed.

Impossibility is a pretty strong concept, and here, as elsewhere, it's
an exaggeration.  Digital signatures are not unforgeable.  If you
steal the private key, you can forge signatures.  The unforgeability
is exactly as great as the strength of the container where the private
key lies.  The issue of incarnation, if you will, is perhaps the
single most important issue for actual deployment.

It's a matter of economics.  The cryptographic barrier is
insurmountable, but it's not the only barrier.  So don't try to breach
the cryptography; try to breach one of the other elements of the
system.

[Perry, I promise it's not personal; it just _seems_ like I'm
nit-picking on everything you write this week.]

A remark on the meaning of forgery.  Let me rewrite what Perry said:

   Digital "signatures" are the first authentication technology
   mankind has developed where forgery is impossible to detect.
   
An indistinguishable signature can still be a forged signature.  A
forged signature is one that is made by the wrong person.  If the
wrong person gets the private key, signatures made by that person are
forgeries, even though nobody can tell them apart.

This point is not merely pedantic.  The concept of forgery adheres to
the person committing the act, not the act itself.  A piece of data
which presents itself as a signature, but which does not pass the
verification process, is not a forged signature but an invalid one.

The external inability to distinguish proper digital signatures from
forged ones has profound effect on the legal interpretations of the
physical signing device (hardware+software).  I wish only to point
this out and leave discussion to another thread.

Eric





Thread