Re: X509 digital certificate for offline solution

From: Valery Pryamikov (valery_at_harper.no)
Date: 08/13/05

  • Next message: Stephen Walch: "Looking for better licensing technology"
    Date: Sat, 13 Aug 2005 21:49:36 +0200
    
    

    <lynn@garlic.com> wrote:
    > the original question implied a question about the business process
    > applicability of using digital signature in offline situations... as
    > opposed to the environment they have been used to. understanding the
    > nature of the tool can help in understanding its applicability to
    > different situations.

    It's a bit embarrassing for me to admit that until now I didn't even check
    the original question ;-). But I don't think it was question about business
    process applicability, but rather a sign of complete misconception. My
    understanding of original question is that op was asking about a way of
    protecting piece information that is used by some service (daemon) from
    everyone else using this computer, including administrator/root (because if
    it was only about protecting against unprivileged users of this computers --
    simple access control would be more than enough). Of course PKI is
    completely irrelevant here!... but any other encryption related technology
    is irrelevant here as well... Since service/daemon requires protected
    information in clear text, which means that decryption key must be
    accessible to that service on that computer, but that automatically makes
    this secret key to be accessible to administrator/root of this computer as
    well. The op's problem as it is, is more close to DRM than to anything else
    (i.e. store secret key, and cipher text in one place and hope that nobody
    will be able to put them together).

    I also think that X509 certificate appeared in the original question due to
    simple fact that many people was introduced to encryption by it's appliance
    to e-mail and unfortunately, there are many people who's understanding of
    encryption didn't evolved much further than that <grin>.

    > recent related postings from cryptography mailing list.
    > http://www.garlic.com/~lynn/aadsm20.htm#29 How much for a DoD X.509
    > certificate?
    > http://www.garlic.com/~lynn/aadsm20.htm#30 How much for a DoD X.509
    > certificate?
    > http://www.garlic.com/~lynn/aadsm20.htm#31 The summer of PKI love
    >
    great posts! I've read them earlier this week+last week (when you posted
    them to cryptography mailing list). I really appreciate you posting great
    stuff.

    -Valery.

    http://www.harper.no/valery


  • Next message: Stephen Walch: "Looking for better licensing technology"