From: Yosi (natask_at_nonexisting.hamakor.org.il)
Date: Sun 23 Feb 2003 - 17:36:54 IST
This reminds me of an article Bruce Shcneier wrote about digital signatures
and their connection to the owner. I'm too lazy to search the actual
article, but you can look for it in the CrytpoGram archives on Counterpane's
website (www.counterpane.com)
Yosi
>From: Ira Abramov <Lists-Linux-IL_at_ira.abramov.org>
>To: IGLU Mailing list <linux-il_at_iglu.org.il>
>Subject: From the News...
>Date: Sun, 23 Feb 2003 16:58:13 +0200
>another stage in getting digital signatures not only an empty law but a
>reality in Israel:
>http://www.ynet.co.il/articles/1,7340,L-2439240,00.html
>
>interesting questions: who can trust the trustee? When you make an SSL
>key, the part you send verisign is only your public key, not the private
>one. The procedure in the article describes a case where a company
>issues you the entire key pair. should I trust that key, coming on a
>card or paper or my ID, where the secret key was not generated on
>hardware I control (i.e. trust)? I don't need to tell you how damn
>annoying it would be to discover the shabak has your secret key as well
>:)
>
>and even if I overcome that hurdle, how can I trust the software? to log
>into a secure government site I'd have to swipe my card on my home
>machine. sounds cool until you think closer: does the reader do the
>authentication or does it pass the key to the main CPU? is the program
>on the CPU that does the authentication trustable (i.e. locally viewable
>and compilable program or an ActiveX downloaded with the page that does
>who-kn0ws-what with your private key?).
>
>in other words - Will Comsign sign my GPG key instead? :)
>
>I went to the comsign.co.il website. the first thing I got was an ASP
>cookie (not reassuring) which I naturally declined, the rest of the site
>was not navigatable without MSIE. natch..
>http://www.comsign.co.il/Products/ doesn't say anything about PGP, but
>then again, I can't seem to find anything about verisign's PGP services
>anymore on their own site (which I remember seeing once in the past)
>
>-----------
>
>The Digital Gap - lots of budgets and lots of activity, but this
>reporter claims there are no results yet, and reports on partial
>statistics:
>http://www.ynet.co.il/articles/0,7340,L-2442554,00.html
>
>the solution offered these days - yet another comittee to synchronise
>efforts. I'd point out to anyone following these efforts to watch the
>non-government projects, as they spring from real-world needs and not as
>political extravaganzas.
>
>-----------
>
>finally, a cute gadget item: Nokia'r self out with a
>cellphone/game/mp3/radio combo with a screen of a sub-notebook. ima'le!
>http://www.ynet.co.il/articles/0,7340,L-2442614,00.html
>
>
>--
>Tried and tested
>Ira Abramov
>
>http://ira.abramov.org/email/ This post is encrypted twice with ROT-13.
>Documenting or attempting to crack this encryption is illegal.
>
>=================================================================
>To unsubscribe, send mail to linux-il-request_at_linux.org.il with
>the word "unsubscribe" in the message body, e.g., run the command
>echo unsubscribe | mail linux-il-request_at_linux.org.il
>
_________________________________________________________________
Surf together with new Shared Browsing
http://join.msn.com/?page=features/browse&pgmarket=en-gb&XAPID=74&DI=1059
=================================================================
To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Mon 06 Oct 2003 - 23:44:22 IST