[3438] in cryptography@c2.net mail archive
Re: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Rick Smith)
Thu Oct 8 19:45:19 1998
Date: Thu, 08 Oct 1998 16:32:46 -0500
To: Ed Gerck <egerck@laser.cps.softex.br>,
Robert Hettinga <rah@shipwright.com>
From: Rick Smith <rick_smith@securecomputing.com>
Cc: cryptography@c2.net, dcsb@ai.mit.edu
In-Reply-To: <Pine.LNX.4.02.9810051441090.392-100000@laser.cps.softex.br
>
>On Mon, 5 Oct 1998, Robert Hettinga wrote:
>
>>State Government Agency Will Use Datakey Smart Cards
At 02:55 PM 10/5/98 -0200, Ed Gerck asked:
>Can you comment since you are reporting on it, or someone else could
>perhaps comment, what exactly Datakey means when they use the word
>"true" regarding non-repudiation? Is is "true" as "fully realized"
>(exemplified by "dreams come true"), or as "narrow" (exemplified by
>"in the truest sense")?
I can't speak for DataKey, though I've talked to their people about their
products and know a little about them.
I suspect (and this an informed conjecture, not fact) their assertion of
"true nonrepudiation" is derived from a technical detail: their cards can
run in a mode where they generate the public/private key pair onboard and
they never, ever emit a copy of the private key. So this ties usage of the
private key to custody of the corresponding card, and the card probably
requires some sort of PIN activation. So you "know" the private key can
only be used by the card's custodian and the custodian can't argue that
someone else has copied the key.
This seems related to the notion of nonrepudiation, and in some sense
captures an ultimate technical implementation of private key control.
However, I don't think anything can guarantee "true nonrepudiation" in the
sense that people occasionally speak (in hushed or haughty tones) of being
"Truly Secure." The real world is too complex to support the concept, and
the limitations aren't technical ones.
Regardless of the marketing terms being used, I personally find it
interesting to think about PK cards that never emit the private key. I like
the clean notion of tying the private key so completely to a single piece
of tangible hardware. However, I suspect that some existing protocols will
get a bit squirrely if particular private keys become irrecoverable due to
a hardware failure.
Rick.
smith@securecomputing.com
