From: paul@poboy.b17c.ingr.com (Paul Robichaux)
To: rjc@gnu.ai.mit.edu (Ray)
Message Hash: 379ee3ec4f0c3a500a5ce346a3b667d28cbd459844a4e8cb0af04cf4b5a95aef
Message ID: <199310251322.AA08401@poboy.b17c.ingr.com>
Reply To: <9310250549.AA17848@churchy.gnu.ai.mit.edu>
UTC Datetime: 1993-10-25 13:39:06 UTC
Raw Date: Mon, 25 Oct 93 06:39:06 PDT
From: paul@poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 25 Oct 93 06:39:06 PDT
To: rjc@gnu.ai.mit.edu (Ray)
Subject: Re: on the term `signature'
In-Reply-To: <9310250549.AA17848@churchy.gnu.ai.mit.edu>
Message-ID: <199310251322.AA08401@poboy.b17c.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In a list message, Ray Cromwell wrote:
> Get a clue for god's sake. Digital signatures won't exist in a vacuum.
> No one is going to accept the validity of a signature unless it is signed by
> some trusted/certified authority and that authority would be liable for the
> person's true name or actions.
> This is exactly how Apple's new DSA system works.
Actually, not. Apple's PowerTalk environment uses persona certificates
right now, although entities may buy RSA's Safekeeper boxes
("tamperproof" titanium key generators) to generate actual warranted
keys.
All a persona certificate says is that key X belongs to person Y. No
warranty, express or implied, is granted. If I have a persona
certificate, say, from Dun & Bradstreet, all D&B is claiming is that
the key on that certificate belongs to *me*. They could potentially be
liable if the key actually belonged to someone else, but they wouldn't
be liable if I used that key to embezzle $10M from the EFF Digital
Credit Union.
- -Paul
- --
Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact.
Intergraph Federal Systems | Be a cryptography user - ask me how.
** Of course I don't speak for Intergraph. **
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLMvSqSA78To+806NAQEiaQQA5GufDI2U3MOLL9r4APbukz8GZeP3rEkQ
X8NIuOkihCz3DXbllyneUFaIxKuZ9RJdOFswypDIdQMNPvNACXysYpCv++/dQt5/
Lrn93pv66ksh4AaDo69EfvCHnMJd4CkJWMx37z11sXHfl+JvAIFp5VAKfgNNvmn5
zsY8fpg9dsI=
=ohfr
-----END PGP SIGNATURE-----
Return to October 1993
Return to “rjc@gnu.ai.mit.edu (Ray)”