|
Yesterday (June 30th), President Clinton signed the new federal law on digital signatures. When agencies and corporations begin to take actions under guidance of the law in the months ahead, the chances of someone impersonating you convincingly (you cannot repudiate the impersonation in a court of law) will have been increased significantly. If this concerns you, the time has come to improve your basic knowledge about digital signatures and electronic impersonation. You should expect that after a few months more and more government agencies will pressure you to use your digital signature when communicating with them over the internet. Increasingly, merchants will require it for your purchases over the internet. However, you have some months before the pressure becomes unbearable; because the new law calls for a federal agency to first develop some solutions to named problems that are unresolved at this time. The law acknowledges that an acceptable level of security must still be agreed upon and implemented, and it requires that whatever is put in place be usable from a variety of computer platforms.
THE GOOD AND BAD SIDES OF DIGITAL SIGNATURES As you must realize with a little imagination, by capturing and using your electronic address and other identifiers, another person can issue electronic messages in your name -- i.e., impersonate you electronically. The ease of doing so depends on several factors, as does the motivation of any person to do that to you in particular. It will be more difficult for you to be impersonated if you use digital signatures in your electronic communications; but it will also be more difficult for you to get a judge in court to agree that you have been impersonated when a digitally signed communication is traced to you. You should, therefore, try to get enough knowledge to be discriminating and wise (hopefully) about when to avoid or when to use a digital signature. (The basics of the process are shown in a diagram below, and links to key web sites are also provided below.) HERE'S HELP IN LEARNING TO JUDGE WISELY WHEN TO USE A DIGITAL SIGNATURE Unfortunately, the available literature to help you get the knowledge you need is often badly obscured with technical jargon or with the attachment of uncommon meanings to commonly used words. Until this situation no longer exists, you will need more than normal amounts of perseverance and patience to get to the level of practical understanding you need to be wise in the steps you take to greatly reduce the risk that someone will effectively impersonate you on the internet -- "effective" in the sense that you can do little to convince others that it is an impersonation. The current cloud of public obfuscation arises from the adoption into common discourse of jargon used in the professional cryptology literature, in my opinion. The phrases "digital signature", and "private key" are especially troublesome. The words "trust" and "trustworthy" should be treated with great caution, as they are used with meanings that are not common -- an unfortunate gift to the bucanneer marketers. When you meet the word "hash" just close your eyes and think of some mathematical procedure that produces a specific result. Why so many articles must use this very obscure piece of jargon without ever trying to define it is a mystery in these days of emphasizing effective Customer Relations Management. Consider the phrase "digital signature". In common language, a signature is an object that exists separately from the process used to create it. In a digital signature, the process used to create the object (which may look like a 'garbage' string of letters and numbers -- e.g., wh6fgrr8rgdsdk9#44g%dffk*) is an integral to the concept. This process is a computer implementation of a mathematical procedure, and there is no way to validate a digital signature without using the correct mathematical procedure. And, the digital signature changes greatly from one document to the next. Therefore, to help public understanding, we really should have started with terminology that does not prompt confusion of the two kinds of signature among people trying to get educated to protect themselves. Now consider the phrases "public key" and "private key", which you will meet in practically every article written on this subject. In the cause of public education, a more unfortunate terminology is hard to imagine. Both may be strings of bytes (e.g., "au th y6 e3" -- though often much longer than this one). For the purposes of public education, "private key" should be replaced with something like "Guarded Key", and "public key" replaced by something like "Distributed Key". "Guarded Key" is helpful in prompting you to be always on "100% Alert" concerning where this key is located and who can gain access to it. The fact that it normally resides on your computer where various other people may find it (don't forget the people in the repair shop where you may take your computer), and where it may be damaged by a variety of agents, is a major issue in the up-coming spread of use of digital signatures. Another person who gets hold of this string can impersonate you effectively -- a judge in court would not accept your claim that you had been impersonated.(More on this point below.) This is the big DOWNSIDE of digital signatures. There will be millions of so-called "private keys" around on computers in the years ahead. Can we expect the same millions of private-key owners to guard those things as if they were their deepest secrets? Scarcely, I would think! One has only to imagine the expert repair person doing work on one's hard disk to realize that many people may not be ABLE at crucial times to exercise the necessary amount of safe-guarding of access to their Guarded Keys. This means that you need to think carefully in deciding when you can afford to use your private key; especially if there is involved some kind of contract that obligates you to pay money or to give up something else that you value. "But if I use no private key any Joe Schmo can submit my credit card number and make the purchase in my name", you say? Correct; but then you can repudiate the purchase when you get the bill from the credit card company. You will not have that option when someone uses your private key, and then you claim that you were impersonated. Private keys used to ensure identification on messages you send to family, friends and colleagues to simply exchange information and offer opinions operate to your benefit usually -- keep your communications private when you wish. In e-commerce, however, your private key is largely for the benefit of the party that is selling you something. That party wants to make sure you are who you say you are. That is quite reasonable. But if someone uses your private key to buy something you could be in deep trouble and not be able to get out of it -- not even in court. Might you, then, be better off going downtown and making that purchase in person, or using some other avenue that allows you to REPUDIATE the claim that you made the purchase? (Those who feel that this would be excessively unfriendly to e-commerce should read the article entitled "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure", by C. Ellison and B. Schneier, published in Computer Security Journal, v 16, n 1, 2000, pp. 1-7.) ONE WAY TO DESIGN MORE ATTRACTIVE PRIVATE KEYS On this point, a notable suggestion by Graham Greenleaf and Roger Clarke at the Australian National University is that access to a private key always require collaborative actions by a collection of human beings. The idea is to prevent one person sitting a to console to effect access to a private key -- similar to the situation at a bank where one staff member has to call another one to collaborate before either can gain access to a certain electronic channel. Exactly how this would be set up was not described in their article. However, it is a safe prediction that after a few well publicized and very damaging impersonations, someone will place on the market private keys that cannot be activated without passwords supplied by two (or more) people collaborating with each other. TUTORIAL DIAGRAM ON DIGITAL SIGNATURE CREATION AND USE If you wish to learn more about digital signatures, a few sites where the descriptions are reasonably clear will shortly be cited below. Before going to these sites, you may find the following diagram to be of some use.
The processes represented in the diagram above are done automatically for you in recent versions of Netscape Communicator (the Messenger module), Outloook Express (which comes with Internet Explorer), and by an available plug-in to the excellent Eudora email program. However, you must first configure various settings in these programs before the automatic actions happen. Several web sites have detailed descriptions, with screen shots, of the configuration processes. One will be cited below. Your public key can be sent by you to the intended recipients of your message, or you may keep it in a publicly accessible database. Persons wishing to learn your public key can enter the database over the internet and look up your name (and other identifier since names are not unique) and/or your email address. Several of these databases are available, as you will learn from the sites mentioned below. TAKE CARE WHERE YOU STORE YOUR PUBLIC KEY Great care should be exercised in deciding whose database will hold your public key. Some will require certain information about you, only to turn around and sell that information in the infamous "aggregated form" to marketers or they will otherwise share it with parties beyond your control. Almost always the I.P. address of (and other information about) your computer will be known to the custodian of the database (your computer will have a fixed I.P. address if you are using a high-speed line to connect to the internet). That information could easily be passed to another company that is serving up advertising banners at the site of the custodian of the database. WHERE SHOULD YOUR GUARDED KEY ("PRIVATE KEY') BE KEPT? The article by C. Ellison and B. Schneier (cited above) identifies several problems that arise from the fact that "private keys" are generally stored on a PC. The following quote from their article is worthy of much thought. On your PC, your Guarded Key ("private key") is "subject to attack by viruses and other malicious programs. Even if your private key is safe on your computer, is your computer in a locked room . . . so that you know no one but you ever uses it? If it's protected by a password, how hard is it to guess that password? If your key is stored on a smart card, how attack-resistant is the card? [Most are very weak.] If it is stored in a truly attack-resistant device, can an infected driving computer get the trustworthy device to sign something you didn't intend to sign?" It might be helpful to keep your "private key" in an off-line medium such as a floppy disk or a Zip disk at all times. Hopefully, the program that needs it is designed to ask you for its location, and then read from the off-line medium when you make it available to the program. You might then expect to lock away that off-line medium (with backup copies) in a real or virtual safe deposit box that only you can open. Juat keep in mind, in summary, that there could be an awesome level of risk connected with your so-called PRIVATE key if you fail to prevent others from getting access to it. If there is much chance of you being hauled into court over a purchase someone made while impersonating you, you may wish to consider waiting until someone has placed on the market private keys that require two or more peoples' active collaboration to be used. These keys will be of no use to a thief, and the people with whom you must collaborate -- e.g. each supplying her/his unique password before access is granted -- would become key witnesses to help you persuade a judge that you were, in fact, impersonated. SOME HELPFUL WEBSITES FOR IMPROVING YOUR EDUCATION ABOUT DIGITAL SIGNATURES Here, now are some of the many useful sites, for education and for getting yourself organized to use digital signatures. http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html http://www.qmw.ac.uk/~tl6345/ http://www.qmw.ac.uk/~tl6345/ca.htm http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html https://www.privacyx.com A serious effort has been made here to respect peoples' copyrights. Any lingering violation will be corrected promptly, as soon as someone points out where the violation takes place. Contact lestone@arawak.net. © 2000 Arawak Enterprises. All rights reserved. |
