[LINK] Electronic witnessing [was: High Court case Re: Register Online to Vote Should be LLegal]

Kim Holburn kim at holburn.net
Fri Jul 30 10:40:21 AEST 2010


On 2010/Jul/30, at 10:19 AM, Stephen Wilson wrote:
> Kim Holburn wrote:
>> On 2010/Jul/30, at 9:31 AM, Stephen Wilson wrote:
>>
>>> Digital signatures need not be any more complex than credit
>>> cards or electronic bus tickets.
>>>
>> True and they would not be any more secure than bus tickets either.
>> To be secure, digital signatures need a user's understanding of the
>> principles.  Not going to happen soon.
>>
> Kim, which principles do they need to understand?  I have some theories
> about the attempted over-education of public key cryptography that
> bedevilled PKI uptake, but maybe you're thinking of other factors, like
> legal principles?

I was thinking of mathematical and technical actually.  There are two:
1. That if anyone else knows your private key it isn't private anymore  
(suddenly and possibly unknowably from that point on).
2. How to verify it's really you (which is complex enough and just as  
important).

Many things flow from 1.  If someone finds your private key they can  
sign anything as you.  If your private key was given to you by some  
organisation then it isn't private.  It is only private if you  
generate it yourself on a computer that is completely free of malware:  
say a computer booted from a clean live CD; and stored only on  
removable media that no-one else has access to and protected by a  
large random password.


I'm sorry, I think it is difficult for most IT people to do it properly.


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
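
Added example, not part of the original post: a sketch of the two points above, showing that a signature made with a copy of the private key is indistinguishable from the owner's, and that verification only means something against a public key whose fingerprint was checked out of band. It uses a Lamport one-time signature over SHA-256 from Python's standard library as a stand-in for whatever signature scheme is actually in use; every function name and the sample message are this example's own.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Generate the key locally: 256 pairs of random secrets and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. One key must sign only one message.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def fingerprint(pk):
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def verify_pinned(pk, pinned_fp, msg, sig):
    # Point 2: accept only a public key whose fingerprint was checked out of band.
    return fingerprint(pk) == pinned_fp and verify(pk, msg, sig)

def demo():
    msg = b"constructed sample document"
    owner_sk, owner_pk = keygen()
    pinned = fingerprint(owner_pk)      # compared over a separate trusted channel
    copy_sk = list(owner_sk)            # point 1: a second party holds the key
    other_sk, other_pk = keygen()       # point 2: a different key, same claimed name
    return {
        "copy_verifies": verify_pinned(owner_pk, pinned, msg, sign(copy_sk, msg)),
        "same_signature": sign(copy_sk, msg) == sign(owner_sk, msg),
        "other_key_self_consistent": verify(other_pk, msg, sign(other_sk, msg)),
        "other_key_passes_pinned": verify_pinned(other_pk, pinned, msg, sign(other_sk, msg)),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier has no way to tell the copy from the owner, which is why the key's origin and storage matter; the only thing that rejects the unrelated key is the pinned fingerprint.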











