From: greg@ideath.goldenbear.com (Greg Broiles)
To: cypherpunks@toad.com
Message Hash: 3945cce8b1792dce69a511b98765d12e6ee1ed1678142e774d44d769d7cacbad
Message ID: <s6NyBc1w164w@ideath.goldenbear.com>
Reply To: N/A
UTC Datetime: 1993-10-25 06:23:12 UTC
Raw Date: Sun, 24 Oct 93 23:23:12 PDT
From: greg@ideath.goldenbear.com (Greg Broiles)
Date: Sun, 24 Oct 93 23:23:12 PDT
To: cypherpunks@toad.com
Subject: Apple, AOCE, and key pair security
Message-ID: <s6NyBc1w164w@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
A few months ago, I posted an excerpt from a MacWeek article re AOCE
(Apple Open Collaboration Environment), a collection of services to
be integrated into the Mac OS to facilitate groupware apps.
The MacWeek article said that users would receive their public keys (to
be used for digital signatures on documents) from RSADSI, instead of
generating them themselves. Scott Collins wrote to disagree, saying that
the AOCE software he'd seen didn't work that way. I E-mailed
the author of the original article, who stood by what he wrote, saying
that "very good sources" said that the keys would be provided to users
by outside, allegedly trustworthy, sources.
According to the 11/93 Macworld, users will not, in most cases, generate
their own key pairs:
"When you receive a signed digital document, how do you know that the
signature is legitimate and that it isn't from a pretender? In many
ways, your digital signature is similar to a credit card; it is issued
by a known authority, it has an expiration date, and you can verify its
validity. To get your own digital signature from RSA, you take a form to
a notary public, who verifies your identity, notarizes the information
on the form, and then mails the form to RSA. Based on the notary
public's authority to say you are who you claim to be, you eventually
receive a disk in the mail with your personal electronic signature. Your
electronic signature has a two-year expiration date, and includes some
verification information. If someone wants to make sure your signature
is valid, he or she contacts the issuing authority listed in the
certificate. There will be issuing authorities other than RSA. For
example, Apple Computer's security department plans to issue signatures
to all Apple employees with employee badges."
"AOCE, Apple's plan for groupware", Macworld, 11/93, p. 167.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLMtl4X3YhjZY3fMNAQHyFwQAgz42oEoWb3okT1pZt/buyIhpPls8hMFT
WzvhVYSxQnaYzRz5jHRl0YdLUivW71dgHWTKffasZhMAd05Bn3t6m3LTz8zPc4sx
LfgN4yvFTl/foepVegzMZPPoDnhb5Sp46cAC0O3+fgaCrmasZaoHIWNBRKsz0wnv
hh07sCIsswM=
=6i+9
-----END PGP SIGNATURE-----
--
Greg Broiles
greg@goldenbear.com Baked, not fried.
Return to October 1993
Return to “greg@ideath.goldenbear.com (Greg Broiles)”
1993-10-25 (Sun, 24 Oct 93 23:23:12 PDT) - Apple, AOCE, and key pair security - greg@ideath.goldenbear.com (Greg Broiles)