Sender and receiver non-repudiation
Lynn.Wheeler at firstdata.com
Lynn.Wheeler at firstdata.com
Tue Jul 3 17:09:41 EDT 2001
all true
it was part of the original point ... which was that much of the writing
about security in conjunction with digital signatures .... all have to do
with the responsibilities of certification authorities.
However, it is possible to have a totally insecure infrastructure with the
best certification authority along with their best policies and practices
... and still have a situation like the "Emperor's new clothes".
It is further possible to have a terrible secure infrastructure with secure
chip-card, secure public/private keys, secure display, secure processes,
along with trusted digital signatures ... and have absolutely no
certificates.
In lots of cases, you can treat certification authorities and certificates
as totally orthogonal to the issues involved in trusting digital
signatures.
some random refs:
http://www.garlic.com/~lynn/subtopic.html#fraud
http://www.garlic.com/~lynn/subtopic.html#privacy
http://www.garlic.com/~lynn/subtopic.html#sslcerts
http://www.garlic.com/~lynn/subtopic.html#radius
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list