[355] in cryptography@c2.net mail archive
Re: Digital Signatures without PKCS
daemon@ATHENA.MIT.EDU (Adam Shostack)
Sun Mar 16 16:20:11 1997
From: Adam Shostack <adam@homeport.org>
In-Reply-To: <199703152315.SAA04403@jekyll.piermont.com> from "Perry E. Metzger" at "Mar 15, 97 06:15:42 pm"
To: perry@piermont.com
Date: Sat, 15 Mar 1997 23:43:34 -0500 (EST)
Cc: ponder@freenet.tlh.fl.us, cryptography@c2.net
I agree with Perry on this one. Any system that uses a keyed hash
fails to provide non-repudiation, unless you create a TTP to be the
verifier of all signatures. That TTP would be a fat target for a
vareity of attacks, technical and otherwise.
Adam
Perry E. Metzger wrote:
| "P. J. Ponder" writes:
| > This definition excludes signatures and possibly other authentication
| > technologies based on secret key methods.
| [...]
| > Should the legal definition of 'digital signature' be limited to methods
| > based on public key cryptography?
|
| I'm not big on secret key based "signature" methods given that they
| are easy to forge. Keyed hashes are useful for authentication in
| limited circumstances, but make me leery on documents.
--
"Well, that depends. Do you mind the end of civilization as we know
it?"
