dual-use digital signature vulnerability
Anne & Lynn Wheeler
lynn at garlic.com
Mon Jul 19 11:26:18 EDT 2004
At 08:25 AM 7/19/2004, Jerrold Leichter wrote:
>A traditional "notary public", in modern terms, would be a tamper-resistant
>device which would take as inputs (a) a piece of text; (b) a means for
>signing (e.g., a hardware token). It would first present the actual text
>that is being signed to the party attempting to do the signing, in some
>unambiguous form (e.g., no invisible fonts - it would provide you with a
>high degree of assurance that you had actually seen every bit of what you
>were signing). The signing party would indicate assent to what was in the
>text. The notary might, or might not - depending on the "means for
>signing" -

note that some of the online click-thru "contracts" have been making an
attempt to address this area; rather than simple "i agree"/"disagree"
buttons ... they put little checkmarks at places in scrolled form .... you
have to at least scroll thru the document and click on one or more
checkmarks .... before doing the "i agree" button. a digital signature has
somewhat higher integrity than simple clicking on the "i agree" button ...
but wouldn't subsume the efforts to demonstrate that a person was required
to make some effort to view the document. Of course in various attack
scenarios ... simple checkmark clicks could be forged. However, the issue
being addressed isn't a forging attack ... it is a person repudiating that
they read the T&Cs before hitting the "I agree" button.

With the depreciating of the "non-repudiation" bits in a long ago, and far
away manufactured certificates (which has possibly absolutely no relevance
to the conditions under which digital signatures are actually performed)
.... there has been some evolution of "non-repudiation" processes. An issue
for the "non-repudiation" processes is whether or not the person actually
paid attention to what they were "signing" (regardless of the reason).

An issue for relying parties is not only whether or not there was some
non-repudiation process in effect, but also does the relying party have any
proof regarding a non-repudiation process. If there is some risk and/or
expense associated with repudiation that might occur (regardless of whether
or not it is a fraud issue), then a relying party might adjust the factors
they use for performing some operation (i.e. they might not care as much if
it is a low-value withdrawal transaction for $20 as if it was a
withdrawal transaction for $1m).

some physical contracts are now adding a requirement that, in addition to
signing (the last page), people are also required to initial significant
paragraphs at various places in the contract.

--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/