Eventually DigitalSignature(s) will permit verifiable authorship and permission-granting in an easy and lightweight way, which will help. -- DaveHarris
"Eventually" may be decades.
Digital signatures have long been one of my interests. Around 1990 I even tried to get digital signatures into the "trn" newsreader. Unfortunately, there have been three major problems:
- Digital signature algorithms are patented.
Fortunately, the RSA encryption/signature patent expired in September 2000. The DSA algorithm is patented in other countries, and is disputed in the US.
- Signature algorithms are export-controlled cryptography.
This was the biggest problem for most of the 1990s. I managed to get permission from RSA to use a signature library, but because of US export regulations I could only distribute it as a binary file for a few supported architectures. (This was not acceptable.) Almost all the US barriers were removed in the last year. Most of the world seems likely to remove these barriers.
- Signature and encryption algorithms require very sensitive key data.
This is perhaps the killer problem. The most likely solution seems to be a credit-card sized smart-card which performs the cryptography/signatures within the card. The likely functions of the card may include:
- Master check/credit/bank/financial card
- Medical record card
- Driver's license, Social Security card, or other National ID card
Software-only solutions are usually insecure given the lousy security habits of most people. Still, for low-value transactions (like validating dialup passwords or forum users), they can be better than short passwords (which are often saved in cleartext on the PC anyway). --CliffordAdams
Turns out the most likely solution is to ask Microsoft very nicely to put your (the CertificateAuthority's) SymmetricKey--the TrustAnchor--into their browser. This generally turns out to be VeriSign in practice. And I guess NetScape. Who?