[148269] in cryptography@c2.net mail archive
Re: [Cryptography] Explaining PK to grandma
daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Nov 26 11:37:40 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 26 Nov 2013 09:35:38 -0600
From: Nico Williams <nico@cryptonector.com>
To: Kelly John Rose <iam@kjro.se>
In-Reply-To: <CAFd=HCdOA+kuBxD_-+QLH+7BDVpLZ+n1Vm4mP1Gu3Tf5tKcW5w@mail.gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
David Mercer <radix42@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Tue, Nov 26, 2013 at 09:15:46AM -0500, Kelly John Rose wrote:
> On Monday, November 25, 2013, David Mercer wrote:
> > For signatures how about the kind of stamp you press into a wax seal, and
> > a book with pictures of others' stamps as having their public key on your
> > keyring? A bit archaic, but grandma is more likely to get this one than
> > perhaps some teenagers, as she may have actually seen one used in person.
>
> The missing piece here is you can copy such a signature with a good forger.
> Public key makes it so copying a signature requires something more.
Padlocks make good analogs for PK encryption because substantial
physical effort is needed to break them, *and* the tamper resistance of
boxes and padlocks can always be improved, but wax seals have very
little resistance to copying and it cannot be improved much in any easy
way. Otherwise both would be decent analogs.
> I think signature is a misnomer in this circumstance.
Oh, could be. There's really no meatspace analog for digital
signatures: any integrity protection seal stops serving its purpose once
broken, and they must be broken to get at the contents, and
authenticating physical integrity protection seals is hard.
I can see how one could create protocols based on padlocks that can be
used to implement something like perishable digital signatures after the
fact, but the analogy then gets way out of hand and loses all its
utility (except as a way of showing that "crypto is hard").
Nico
--
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
