Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!munnari.oz.au!metro!usage.csd.unsw.oz.au!syacus!william
From: william@syacus.acus.oz (William Mason)
Newsgroups: comp.org.eff.talk
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <1075@syacus.acus.oz>
Date: 20 Sep 90 09:02:42 GMT
References: <3109@mindlink.UUCP>
Organization: Australian Centre for Unisys Software, Sydney
Lines: 26

a577@mindlink.UUCP (Curt Sampson) writes:

>> daven@svc.portal.com (Dave Newman) writes:
>> 
>> One way to prevent this is of course the "witness". A third party witnessing
>> the contract with their own digital signature would make the claim of

>That's a very good idea.  Eliminating the physical trip could be tough.  After
>all, what good is the "witness" if she doesn't "witness" the thing being
>signed?

There is such a thing as a "trusted" system/site.  In these sites, it would be
appropriate for an electronic witness to witness the program.  I'd like to
see such a beast act like a pop-up which would prompt you for a password.
If the password were OK, then it could force a witness signature into the
input byte stream (as if typed).  

Perhaps there is scope to extend this to some sort of hardware key like a
dongle for PC's.  There's enough "tamper proof" technology around (e.g. 
EFT PIN pads) to be able to say the hardware can be trusted.  Bye the way
the dongle keep a password for authorisation.  (And there's always
smart cards).

William Mason
ACUS R&D,
Sydney Australia