crypto component services - is there a market?

Anne & Lynn Wheeler lynn at garlic.com
Thu Apr 19 20:23:21 EDT 2007


Stefan Kelm wrote:
> Here in Europe, e-invoicing very slowly seems to be
> becoming a (or should I say "the"?) long-awaited
> application for (qualified) electronic signatures.
> Since electronic invoices need to be archived in
> most countries some vendors apply time-stamps and
> recommend to re-apply time-stamps from time to time.

recent post/thread with some discussion of the business of
digital certificates ... as distinct from either digital
and/or electronic signatures.
http://www.garlic.com/~lynn/2007h.html#28 sizeof() was: The Perfect Computer - 36 bits?

one of the exploits for the "changing the burden of proof" scenario
(mentioned in the above post) ... since the incentive is significant
... is where the merchant produces a digital signature plus corresponding
digital certificate purported to be from the other party.

the underlying digital signature stuff was designed for providing
authentication and integrity for the transaction. there were never
any provisions for it to ever provide intent and/or handle the
situation of establishing the inverse ... i.e. in traditional
digital signature & digital certificate paradigm ... there is
no way of proving what, if any, digital signature and digital
certificate were originally appended to the transaction/invoice.

this somewhat gets into the area of non-repudiation services
(where some of the trusted time-stamping has periodically
wandered into) ... i.e. for individuals, a digital signature isn't
representative of a human signature and intent ... it
purely does (what digital signatures were originally designed
for) authentication and integrity.

other parts of the same thread related to digital signatures
http://www.garlic.com/~lynn/2007h.html#20 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#22 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#26 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#27 sizeof() was: The Perfect Computer - 36 bits?

possibly being able to force changing of burden of proof ... is analogous to
some past discussions about the "dual-use" attack ... again where there was the possibility
of allowing digital signatures to wander into the arena of human signatures and
intent ... a thread that started in this mailing list
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private information to improve security
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#43 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
http://www.garlic.com/~lynn/aadsm23.htm#13 Court rules email addresses are not signatures, and signs death warrant for Digital Signatures

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com