Re: X509 digital certificate for offline solution

From: Valery Pryamikov (
Date: 08/13/05

  • Next message: Stephen Walch: "Looking for better licensing technology"
    Date: Sat, 13 Aug 2005 21:49:36 +0200

    <> wrote:
    > the original question implied a question about the business process
    > applicability of using digital signature in offline situations... as
    > opposed to the environment they have been used to. understanding the
    > nature of the tool can help in understanding its applicability to
    > different situations.

    It's a bit embarrassing for me to admit that until now I didn't even check
    the original question ;-). But I don't think it was question about business
    process applicability, but rather a sign of complete misconception. My
    understanding of original question is that op was asking about a way of
    protecting piece information that is used by some service (daemon) from
    everyone else using this computer, including administrator/root (because if
    it was only about protecting against unprivileged users of this computers --
    simple access control would be more than enough). Of course PKI is
    completely irrelevant here!... but any other encryption related technology
    is irrelevant here as well... Since service/daemon requires protected
    information in clear text, which means that decryption key must be
    accessible to that service on that computer, but that automatically makes
    this secret key to be accessible to administrator/root of this computer as
    well. The op's problem as it is, is more close to DRM than to anything else
    (i.e. store secret key, and cipher text in one place and hope that nobody
    will be able to put them together).

    I also think that X509 certificate appeared in the original question due to
    simple fact that many people was introduced to encryption by it's appliance
    to e-mail and unfortunately, there are many people who's understanding of
    encryption didn't evolved much further than that <grin>.

    > recent related postings from cryptography mailing list.
    > How much for a DoD X.509
    > certificate?
    > How much for a DoD X.509
    > certificate?
    > The summer of PKI love
    great posts! I've read them earlier this week+last week (when you posted
    them to cryptography mailing list). I really appreciate you posting great


  • Next message: Stephen Walch: "Looking for better licensing technology"

    Relevant Pages

    • Re: Use of event handling
      ... Your original example completely fails in that goal, because the non-event example can be written without any variable/conditional method invocations. ... any code example that purports to demonstrate not only how but also why one would use an event cannot use as its basis a compile-time-known method invocation. ... I would _hope_ that by seeing how the code you posted with your original question does not usefully demonstrate events, that can lead you to understanding better what events are useful for, but of course that may not be the case. ...
    • Re: Algebraic integers
      ... > I do not think that is within the knowledge of the students involved. ... Then I'm understanding Bart's original question in a very different ... And the only definition of algebraic integer I'd expect ...
    • Re: Wrong results
      ... I was basing my answer from the original question: ... > That's not my understanding of the problem. ... > click by a user should create the rollup table; consecutive clicks will use the rollup table> instead. ...
    • Re: Protection Lists
      ... I'm so sorry that I misunderstood your original question. ... understanding is that generally, true "lists" are unable to be created ... or modified while the cells in the worksheet are protected. ...
    • Re: Microsoft Virtual PC
      ... When I ask the original question I did not have a clear understanding of how ... thinking about installing Microsoft Virtual PC and then my XP Pro. ... this will I have to re-activate XP? ...