A mighty fortress is our PKI, Part II

StealthMonger StealthMonger at nym.mixmin.net
Thu Jul 29 12:37:28 EDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jerry Leichter <leichter at lrw.com> writes:

> The only conceivable purpose for using a signature is that you can
> check it *offline*.  If you assume you can connect to the network,
> and that you can trust what you get from the network - why bother
> with a signature?  Simply check a cryptographic hash of the driver
> against an on-line database of "known good" drivers.

> This is right in line with Lynn Wheeler's frequent mention here that
> the use case for offline verification of certs for commerce
> basically doesn't exist.  It was a nice theory to develop 30 years
> ago, but today the rest of the framework assumes connectivity, and
> you buy nothing but additional problems by focusing on making just
> one piece work off-line.

Not quite.

Untraceable anonymity and untraceable pseudonymity remain one of the
important applications of cryptography, and both depend on store and
forward anonymizing networks which mix traffic by using high random
latency.

The saving qualifier for your assertion is "for commerce".  True,
there is not yet a way to securely transmit and store commercial value
(money) offline, but it has not been proven impossible.

For these applications, the security has to be in the message, not the
connection.  Offline verification is essential.


 -- StealthMonger
         <StealthMonger at nym.mixmin.net>

 --
   stealthmail: Scripts to hide whether you're doing email, or when,
   or with whom.
         mailto:stealthsuite at nym.mixmin.net

Finger for key.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAkxReuIACgkQDkU5rhlDCl7izQCfXuxcHdDT5c54EpATviI+PXCO
MFEAoI62kO/DZcwkw++BpQ4Ey5jTVro6
=6mIw
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list