
Re: Public key crypto



Michael,

Michael Dillon wrote:
> 
> On Fri, 10 Jan 1997 davidk@ISI.EDU wrote:
> 
> > Maybe we
> > need to support even more than one mechanism to allow participation of
> > all countries.
> 
> I think it's even more important to support all skill levels of user.
> Many people really do not understand authentication systems at all and
> probably never will. But if you send them an email that says:
> 
>      The following changes have been requested for your
>      domain name EXAMPLE.INET. If you agree to these changes
>      then simply reply to this message. You don't have to
>      type anything in your reply but you do have to return
>      the entire key section at the bottom of this message.
>      If your email program does not automatically include
>      the message in the reply, please cut and paste the
>      key section into your reply.

  This will work for some authentication methods, but is not a good 
idea because the bad guys out there would also have access in too easy of
a manner I think.  Another schema needs to be thought out here.
> 
>      Changes requested:
>         .
>         .
>         .
>      KEY SECTION:--------------------------------------
>      KEY01yf8hv3esncrzs8pcwtyhomva.o8utb4egasm80sgm9e5t
>      KEY02xefno8scsrtm/f9fs9mlsem9/sef9/m8se9/f5s/5se/5
>      KEY03c89ctn9n9rtny8rtn8ort8nyortvn8vrt8s8d8o9da4s9
>      KEY04d89n358o49490t980tr4apiosuopsafuighklgk/jdfdz
>      END OF KEY SECTION:-------------------------------
> 
> In this example, the important lines are each tagged with "KEY" and
> the line number. In addition the KEY lines are short so they will
> not be word wrapped even with weird reply quoting schemes. The actual
> keys consist only of characters from the MIME base64 character set
> so they won't get munged by weird gateways. If the user accidentally
> pastes the key multiple times the KEY line numbers enable extracting
> the lines of the key in correct order. The tags are there to identify
> the beginning of the key even if quoting characters are prepended.
> 
> Human factors are critically important here if we want to enable ordinary
> users to authenticate their transactions. No scheme which requires the end
> user to run a specific software package will work.

  I do not agree with this statement entirely.  It is quite easy to 
download a Certificate and install it in most browsers from several
software vendor sources, or if the IACH/CORE wishes to become its
own Certificate Authority for authentication a facility can be built
in CGI to provide for that function, with installation instructions.

  If my 9 year old can handle this, then I believe most users could
handle it.
> 
> Michael Dillon                   -               Internet & ISP Consulting
> Memra Software Inc.              -                  Fax: +1-604-546-3049
> http://www.memra.com             -               E-mail: michael@memra.com

Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. 
Phone :972-447-1878
E-Mail jwkckid1@ix.netcom.com
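
The following is an added example, not part of the original message or written by either poster: a sketch of how a registry-side mail handler could recover the tagged key section described in the quoted proposal from a reply, tolerating quote prefixes, reordered lines and a double paste. The function names, the sample key and the constant-time comparison against a stored issued key are assumptions made for illustration.

```python
import hmac
import re

# "KEY" + two-digit line number + base64-alphabet payload, matched anywhere
# on the line so prepended quote marks ("> ", "| ") do not matter.
KEY_LINE = re.compile(r"KEY(\d{2})([A-Za-z0-9+/]+)\s*$")

def extract_key(reply_text):
    """Reassemble the key from a reply body; None if it is unusable."""
    parts = {}
    for line in reply_text.splitlines():
        m = KEY_LINE.search(line)
        if not m:
            continue
        num, payload = int(m.group(1)), m.group(2)
        # A double paste repeats identical lines; different content under
        # the same line number means the section was modified.
        if parts.setdefault(num, payload) != payload:
            return None
    if not parts or sorted(parts) != list(range(1, len(parts) + 1)):
        return None  # nothing found, or a gap in the line numbering
    return "".join(parts[n] for n in sorted(parts))

def reply_authorizes(reply_text, issued_key):
    """True only if the returned key equals the issued one (constant-time compare)."""
    got = extract_key(reply_text)
    return got is not None and hmac.compare_digest(got.encode(), issued_key.encode())

# Constructed sample values, not taken from the original message.
ISSUED_KEY = "q83kLm9ZxT4bVw2rHs7uNc5dPy1eJf" + "G6hAo0iQt8jRk3lSm+nUp/oWq2rXs4"
SAMPLE_REPLY = """\
Yes, go ahead.
> > KEY02G6hAo0iQt8jRk3lSm+nUp/oWq2rXs4
> KEY SECTION:------------------------
> KEY01q83kLm9ZxT4bVw2rHs7uNc5dPy1eJf
> KEY02G6hAo0iQt8jRk3lSm+nUp/oWq2rXs4
> END OF KEY SECTION:-----------------
"""

if __name__ == "__main__":
    print(extract_key(SAMPLE_REPLY) == ISSUED_KEY)
    print(reply_authorizes(SAMPLE_REPLY, ISSUED_KEY))
```

A reply that drops trailing KEY lines still parses, but the comparison against the issued key rejects it.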