Sender and receiver non-repudiation
David Honig
honig at sprynet.com
Tue Jul 3 14:00:55 EDT 2001
At 08:55 AM 7/3/01 -0700, Lynn.Wheeler at firstdata.com wrote:
>signing. With digital signatures it becomes murkier ... how does somebody
>know that what they are looking at is the same thing that the computer is
>calculating a digital signature for.
Good point. There's no way without a trusted host somewhere.
Imagine that you scanned the paper doc, inspected it visually,
and digitally signed the image file. Even this is succeptible to
a trojan that alters the display, alters what's printed, etc.
If you do have a little trusted island, e.g., a java button
on a ring you wear in the shower, or a PDA display you trust,
you can often leverage this to make a trusted system.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list