[Cryptography] Possible reason why password usage rules are such a mess

Osman Kuzucu bizbucaliyiz at hotmail.com
Mon Dec 21 00:06:57 EST 2020



> Peter Gutmann <pgut001 at cs.auckland.ac.nz> şunları yazdı (21 Ara 2020 05:55):
> 
> There's almost nothing available on this in English, once you get past any
> top-level pages in English it's all in Turkish, but isn't this just an
> incredibly complex way of doing something via a government (or equivalent
> centralised) portal?  What advantage is being provided by the use of X.509?
> 
> Peter.

Sadly there is no technical documentation in Turkish too, or burried too deep that I couldn’t find. All the Turkish pages just explain what it is very briefly without saying how it actually works. And also there is no explanation for why they use X.509

As for the complexity, there are authorized e-signature issuing private companies. They all provide their own software which is linked to the government at the end. When a user wants to sign something with e-signature, the website opens a pop-up, that connects to the e-signature app that’s running on the user’s computer, shows details of the document and allows user to sign it. Once signed, website takes the signature data and transfers to the government portal and provides a QR code and serial number for the document so others can verify the document was indeed signed. 

It is basically working like the “Metamask” extension on browsers for ETH transactions. Just you need a USB stick where certificate(s) are stored. 

You can’t sign everything with e-signature. The website/app has to be registered to the government portal first and has to be approved. Then they get API keys and documents for implementing the signing script on website. 


More information about the cryptography mailing list