MeatballWiki

DigitalSignature

Eventually DigitalSignature(s) will permit verifiable authorship and permission-granting in an easy and lightweight way, which will help. -- DaveHarris

"Eventually" may be decades.

Digital signatures have long been one of my interests. Around 1990 I even tried to get digital signatures into the "trn" newsreader. Unfortunately, there have been three major problems:

  • Digital signature algorithms are patented.

Fortunately, the RSA encryption/signature patent expired in September 2000. The DSA algorithm is patented in other countries, and is disputed in the US.

  • Signature algorithms are export-controlled cryptography.

This was the biggest problem for most of the 1990s. I managed to get permission from RSA to use a signature library, but because of US export regulations I could only distribute it as a binary file for a few supported architectures. (This was not acceptable.) Almost all the US barriers were removed in the last year. Most of the world seems likely to remove these barriers.

  • Signature and encryption algorithms require very sensitive key data.

This is perhaps the killer problem. The most likely solution seems to be a credit-card sized smart-card which performs the cryptography/signatures within the card. The likely functions of the card may include:

    • Master check/credit/bank/financial card
    • Medical record card
    • Driver's license, Social Security card, or other National ID card

Software-only solutions are usually insecure given the lousy security habits of most people. Still, for low-value transactions (like validating dialup passwords or forum users), they can be better than short passwords (which are often saved in cleartext on the PC anyway). --CliffordAdams

Turns out the most likely solution is to ask Microsoft very nicely to put your (the CertificateAuthority's) SymmetricKey--the TrustAnchor--into their browser. This generally turns out to be VeriSign in practice. And I guess NetScape. Who?


[CategoryCryptography] [CategoryIdentity]


Edit this page | History