ICEIMT 1994: Re: RSA Digital Signature Announcement

Re: RSA Digital Signature Announcement

From: Bruce Speyer (speyer@mcc.com)
Reply to: speyer@mcc.com & iceimt@tools.org forum
Wed, 23 Mar 94 17:59:28 CST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles Petrie: "CIMOSA Press Release"
Previous message: Bruce Speyer: "RSA Digital Signature Announcement"

>There seems to me a very big difference between a password and a
>signature. This software seems like the former. A signature cannot
>be forged except by very skilled handwriting copying. ANyone can
>forge an electronic `signature' if they are told the password key.
>
>So, this enables anyone to let as many people as they like `sign'
>electonic douments. This is certainly useful, but not exactly
>analogous to a real signature. One can conceive of blackmail
>being used to force someone to tell them their key/password to allow
>them to sign things for them.
>
>If I am mistaken about this distinction, and if these electrtonic
>signatures really ARE like normal signatures in the way I describe
>please explain.
>
>thanks
>Mike Uschold, AI Applications Institute,
>INTERNET: M.Uschold@ed.ac.uk The University of Edinburgh,
>Tel: (031) 650 2732 80 South Bridge, Edinburgh EH1 1HN
>Fax: 650-6513 Scotland

With RSA Public/Private key technology everybody knows the public key and uses it to encrypt messages that can only be decrypted with the private key. Likewise, you can authenticate a message by decrypting with the public key what can only be properly encrypted using the private key. So, the private key is never shared with anyone such as in DES style of encryptions. The one other entity that knows your private key (disregarding fraud and mistakes) is the escrow agent(s) (which may include the US government) that assigns public/private keys. Presuming the escrow agent is "trustworthy" and the enduser doesn't expose their password it isn't "possible" to forge documents that use this technology.

Hence, the critical security issue becomes the key management and distribution issues by the organizations themselves and the Certification Authorities that assign the keys. since there is now at least a minimally sufficient technological solution available worldwide including DES/Kerberos authentication and RSA Digital Signature technology-- as you point out in your message. The MCC EINet project that I am a member of is one of the groups working this issue.

Regards, -Bruce

Next message: Charles Petrie: "CIMOSA Press Release"
Previous message: Bruce Speyer: "RSA Digital Signature Announcement"

Return to ICEIMT home
Contact: bruce.speyer@tools.org
Last Updated: Thu Feb 9 05:00:03 2012