1997-12-05 - Please Beta test my communications cryptography product.

Header Data

From: “James A. Donald” <jamesd@echeque.com>
To: cryptography@c2.net
Message Hash: 49d76edb61dd500b7f0d873b60841d76745eb66a307885c905707b821f3d1d30
Message ID: <199712050100.RAA04735@proxy4.ba.best.com>
Reply To: N/A
UTC Datetime: 1997-12-05 01:12:33 UTC
Raw Date: Fri, 5 Dec 1997 09:12:33 +0800

Raw message

From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 5 Dec 1997 09:12:33 +0800
To: cryptography@c2.net
Subject: Please Beta test my communications cryptography product.
Message-ID: <199712050100.RAA04735@proxy4.ba.best.com>
MIME-Version: 1.0
Content-Type: text/plain



    --
I have produced a program that, like PGP, provides digital
signatures and communications encryption.

http://www.jim.com/jamesd/Kong/Kong.htm

This is the first beta.  Please beta test this product.

The important difference between it and other products
that provide digital signatures and encryption is that it
is not certificate based.  Instead it is signature based.

This eliminates the steep initial learning and management curves 
of existing products.  The user does not need to use and manage 
specialized certificates except for specialized purposes.

The big complexity and user hostility in existing products is
creating and managing certificates.

Perhaps more importantly, it also eliminates the threat we
saw in England, the threat of the government giving itself
a monopoly in certificate distribution, potentially creating the 
Number-Of-The-Beast system, where you need a government
certificate to log on to dirty picture sites, to buy, to
sell, to put up web pages.

The key feature of the proposed product is that any digitally 
signed document can be stored in the database, and itself 
performs the functions of a certificate, just as a normal handwritten 
signature does.  The user usually does not need to check a 
document against a certificate to see if it was signed by the "real" 
John Doe.  Instead he normally checks one document against 
another to see if they were both signed by the same John Doe.   
And similarly when he encrypts a document, he does not need to 
use a certificate to encrypt a message to the one real John Doe, 
he merely encrypts a message to the same John Doe who signed 
the letter he is replying to.

At present people have to deal with certificate management 
problems regardless of whether they really need certificates.
For example the most common usage of PGP is to check that two 
signatures that purport to be by the same person are in fact 
by the same person.   Unfortunately you cannot check one 
signature against another directly using PGP or any of the 
other existing products.  Instead you have to check both 
signatures against a public key certificate, even if the 
authentication information in that certificate is irrelevant 
to your purpose, which it usually is, which means that you 
have to download the certificate from somewhere, and the 
person signing it had to upload it somewhere.  As PGP always 
checks a document against the certificate, rather than against 
any other document the user happens to feel is relevant to the 
question, the person signing the document needs to get his 
certificate properly signed by some widely trusted third party, 
which is too much trouble or too complicated for many people.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     z8/j/L3kF7oCmOp/iF2oh/pwgP/mATjOTUdv1uGy
     DlPh9Op11Z1CtFuByebVsk8yJo4WuUMuFk4S/TMp
 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of 
the kind of animals that we are. True law derives from this right, 
not from the arbitrary power of the state.

http://www.jim.com/jamesd/
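
The document-against-document check described in the message, as an added example (not code from the original post or from Kong). It assumes each signed document carries its signer's public key, and it uses toy Schnorr signatures over a small prime group as a stand-in, since the message does not say which scheme Kong uses; `SignedDocStore`, `check` and the sample letters are hypothetical names.

```python
import hashlib
import secrets

# Toy Schnorr parameters: a stand-in scheme, far too small for real use.
P = 2**127 - 1          # prime modulus
Q = P - 1               # exponents are reduced mod P-1 (Fermat's little theorem)
G = 3

def _challenge(r, msg):
    digest = hashlib.sha256(str(r).encode() + b"|" + msg).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    return secrets.randbelow(Q - 1) + 1      # private key

def sign(priv, name, text):
    """Return a signed document that carries its signer's public key."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    s = (k + priv * _challenge(r, f"{name}\n{text}".encode())) % Q
    return {"name": name, "text": text, "pub": pow(G, priv, P), "sig": (r, s)}

def valid(doc):
    r, s = doc["sig"]
    e = _challenge(r, f"{doc['name']}\n{doc['text']}".encode())
    return pow(G, s, P) == r * pow(doc["pub"], e, P) % P

class SignedDocStore:
    def __init__(self):
        self.docs = []       # every stored signed document doubles as a "certificate"
    def check(self, doc):
        """Compare a document against stored ones signed under the same name."""
        if not valid(doc):
            return "bad signature"
        known = [d for d in self.docs if d["name"] == doc["name"]]
        if not known:
            return "new name"
        if any(d["pub"] == doc["pub"] for d in known):
            return "same signer"
        return "different signer"
    def add(self, doc):
        if not valid(doc):
            raise ValueError("refusing to store a document with a bad signature")
        self.docs.append(doc)

if __name__ == "__main__":
    john, store = keygen(), SignedDocStore()
    store.add(sign(john, "John Doe", "First letter (constructed sample)."))
    print(store.check(sign(john, "John Doe", "Reply (constructed sample).")))
```

A "different signer" result is the case the store exists to catch: a validly signed document that uses a known name but not the key behind the documents already on file.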





