Getting a KeyPOST Digital Certificate - Part 1 - Applying
Fri, 21 Aug 1998 14:16:17 +1000
<<James Morris posting <<However, the success of SSL for Web <<transactions
seems to indicate it can be done in the case of (2).>>
I was at a presentation this morning by a commercial supplier of many
security products where is was pointed out that SSL won't give
non-repudiation of individual transactions.....
<<povey posting - <<>I think the best compromise is for AusPost to provide
the machines <<as a >standalone device under some audit, and let
people come in and <<use them >to generate secret from a h/w device.
ie make a secret in <<trustable conditions >with good h/w rather than
anonymously accepting <<somebodys pgp key irrespective >of how it was
It was for this type of scenario that we sought evaluation and
accreditation for those CAs who wish to be accredited. Part of the
evaluation script would be ensuring that if key generation was offered the
generation system/device didn't compromise "the secret" by keeping copies
of keys or leaving them lying around in memory or substituting other keys
and that there were also defined policies on how the process was to occur
and for the owner to take delivery etc etc. Claims made by systems/device
suppliers have to be tested. Even the way they are implemented together
can cause security concerns (I'm advised). We just didn't feel that the
'average battler' should have to cope with this 'baffling stuff' alone -
that if THEY chose to, they could have access to services that they had
some hope of knowing wasn't "Dodgy Bros Keys".
If you don't trust anyone to generate your keys, what about using them?
The issue of whether you generate your own keys or have then generated on a
trusted system might pale into insignificance if we consider other
unevaluated components and applications that might 'employ' your private
key to create your digital signature. You might end up using your keys in
a system implemented and operated by your bank, business partners or
employer. If there is a dispute, in court they will be the ones with the
all the proof, from their computer systems, that 'proves' that they
couldn't possibly have compromised your private key and that, therefore,
the signature is yours.
You'll just be standing around saying "it wasn't me guv...." or hoping
that the IT Security Expert that you'd hired (at great expense) was good
enough to find the 'black hole' in the system.....
: - )
In the Gatekeeper work I remember that we discussed that any online
application offered for use by the public, which implemented a signature
process, should be audited...
regards, Mandy Cramer