Newsgroups: comp.org.eff.talk
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!wuarchive!zaphod.mps.ohio-state.edu!math.lsa.umich.edu!math.lsa.umich.edu!jjewett
From: jjewett@math.lsa.umich.edu (Jim Jewett)
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <1990Sep24.015611.9323@math.lsa.umich.edu>
Keywords: RSA Digital Signatures Notary Public Security SysAdmins
Sender: usenet@math.lsa.umich.edu
Reply-To: jjewett@math.lsa.umich.edu (Jim Jewett)
Organization: University of Michigan, Department of Mathematics
References: <3109@mindlink.UUCP> <1075@syacus.acus.oz>
Date: Mon, 24 Sep 90 01:56:11 GMT
Lines: 31

In article <1075@syacus.acus.oz>, william@syacus.acus.oz (William Mason)
writes:
|> a577@mindlink.UUCP (Curt Sampson) writes:
|> 
|> >> daven@svc.portal.com (Dave Newman) writes:
|> >> 
|> >> One way to prevent this is of course the "witness". A third party
witnessing
|> >> the contract with their own digital signature would make the claim of
|> 
|> >That's a very good idea.  Eliminating the physical trip could be
tough.  After
|> >all, what good is the "witness" if she doesn't "witness" the thing being
|> >signed?
|> 
|> There is such a thing as a "trusted" system/site.  In these sites, it
would be
|> appropriate for an electronic witness to witness the program.  I'd like to
|> see such a beast act like a pop-up which would prompt you for a password.
|> If the password were OK, then it could force a witness signature into the
|> input byte stream (as if typed).  

So what exactly is a "trusted" system?  One on which you have root?  And on
which no one else does?  What is to keep the system administrator from just
resetting your password, running the verification with the new password, and
then getting the original password file back from a backup?  Suddenly, it isn't
so safe.

-jJ 
jjewett@math.lsa.umich.edu       Take only memories.
Jewett@ub.cc.umich.edu           Leave not even footprints.