On Feb 16, 11:14am, Marc Kneppers wrote:
>
> Correct me if I am wrong, but...
>
> You could sign the page with a public/private key signature and then at
> least if people saw your info on a different web site, they could grab
> your public key and check from the signature that the info hadn't been
> altered (my understanding of these types of signature is that the
> signature contains some combination of your private/public key and a
> checksum of the data - so only the person possessing the private key
can
> create the signature and the file checksum could be verified with the
> public key).
>
How many casual users are going to go thru the public/private key
deal? 1? 100? 1000? And do you really trust that key, if there
is no independent vertification authority (which is a weakness of the
pgp stuff: I depend on you to certify that you are who you say you
are...) outside of Verisign. We place a lot of trust in key exchange
and the like without examining what is in place today (not 5 years from
now...)
I hear TIS is proposing a commercial public key escrow system. Now, that
may be a Nice Thing.
> Put disclaimers on all your stuff saying that 'all our stuff has
> signatures on the bottom so if you don't see one, don't trust it and if
> you do see one and are concerned about the accuracy of the data, get
our
> public key and ...'
>
> This might be slightly unwieldy ... but do-able.
>
Unweildy? Yes. Doable? Yes. Can you sell it to non-technical managers
that only want a 'page on the network so we can show off our product'?
If you can, I want to talk to you to find out your secret of success. I
have a project that needs it right now...:)
>
> Not true. In real life you can sign documents thereby proving that they
are
> authentic. Then, someone has to forge your signature to break the
> authenticity. On the net, you can sign things as well, and so far (if
you
> use the right algorithm and a big enough key, etc.) people should NOT
be
> able to forge your signature and break the authenticity.
> It just seems that this sort of protection isn't too wide spread and is
> kind of awkward for the average-joe who wants to buy stuff from you (or
> whatever).
I think in general commerce (ie not us propeller heads thinking of wild
and fuzzy technosolutions, but something that marketdroids and other
less-bithead oriented people can use...) AT THIS TIME there is not an
iota of control that is widespread, secure, and easily validated for
the models in current use.
There are, however, exceptions to this, but their maturity is still
a matter of discussion, IMHO.
}-- End of excerpt from Marc Kneppers
--
Bryan D. Boyle | EMAIL: bdboyle @
erenj .
com 908-730-3338
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"It is only the ignorant who suppose themselves omniscient."
--General Robert Edward Lee--
References:
|
|
