Slashdot Mirror


Congress Moving On E-Signatures

Silas writes: "Well folks, Congress is moving along with attempts to make digital signatures legally binding for online transactions, public and private." Many pros and cons if this goes through, but I'm definitely looking forward to reducing my mail.

57 of 158 comments

  1. Wait a sec.. by citizenc · · Score: 3

    The article tells us that the senate is moving for digital signatures that are as legally binding as a pen and paper signature. Does that mean that current internet documents that are "digitally signed + legally binding" are, in fact, NOT legally binding? (Case in point: the Napster-getting-unbanned-by-Metallica declaration?)

    Does this mean that, in its current state, a legally-binding, digitally-signed document does NOT exist?


    .- CitizenC (User Info)

    1. Re:Wait a sec.. by jonathanclark · · Score: 2

      IIR, there have been court cases where cryptographically signed business documents have been treated as "hand signed." This occurred many years ago, I believe around 1995. I have also recalled recent cases where online shrink-wrap licenses have been upheld for a very limited domain - mainly IP protection.

      In my mind, online shrink-wrap licenses carry very little weight and I have no problem clicking "Yes, I agree" without reading an agreement. It's simply too easy to argue that another user posed as you. Web crawlers can easily SUBMIT whatever is expected and a computer program cannot legally enter into such an agreement.

      It's kind of scary to think that online sites may move to legally binding cryptographic signatures. Imagine a feature built into the tag that allows a user to digitally sign the POST data... Then you may end up having to read more legal agreements than actual online content. Slashdot may require you to use this feature or you automatically become "Anonymous coward." etc, etc. The possibilities are endless and many are not very encouraging.

  2. Re:My rot13 beats your scrawl by T-Ranger · · Score: 2
    Actually, no.. Identical twins, for example have identical DNA, and I would suspect that 'consumer grade' DNA scanners in keyboards wouldn't be able to tell the difference between blood relatives

    Handwriting experts maintain that signatures are unique, and they may be. The problem is, that signatures can be forged.

    Actual fingerprints would not be a bad idea, nor would face, ear lobe, or retina scans, preferably with a combination of two or more of the above, in addition to a password.

  3. Post office would be perfect for this by Greyfox · · Score: 5
    The Post Office would be perfect for this job. You've got a branch office in every city in the USA (Minimum requirement to be a city anywhere in the south is that there be a Post Office and a McDonalds.) Why not implement a scheme like this:

    1) Create a key in PGP or GPG.

    2) Put the public key on a floppy and take it down to the Post office.

    3) Show them your passport or your driver's license and Social Security card and give them the floppy and $5.

    4) They put it on their LDAP keyserver, accessible at ldap.usps.gov.

    5) Anyone wanting to authenticate your identity would check there.

    You could offer some really neat features in a system like this, such as the possibility of creating arbitrarily anonymous keys for use in handle based fora or Hotmail accounts. If your key is compromised, you'd just go to the Post Office and issue a cancel certificate. Ideally there'd be limitations of liability similar to what you get with credit cards if you issue a cancel certificate in a timely fashion after discovering your keys have been potentially compromised. Especially since most computers on the net are insecure.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:Post office would be perfect for this by werdna · · Score: 2

      The present electronic signature bill does not require a PKI at all. Electronic signatures can be a simple "Love mOM" typed at the end of an e-mail.

      Of course, there are sound commercial reasons for wanting to be able to prove authentication in court with the benefit of a PKI, but the law is enabling only (it permits encrypted signatures enforceability, but doesn't require this for enforceability).

  4. Re:Oh Joy by (void*) · · Score: 2
    The difficulty of prime factoring is not the only, and should not be the only, algorithm to implement digital signatures. Maybe we need one based on the knapsack problem or something else.

    Any good promising candidates around?

  5. Re:Oh Joy by tringstad · · Score: 2
    By the time they've decided on this, we'll have computers fast enough to factor the primes, crack the keys, and render this technology useless.

    I'm sure that this was not the point of your post, but unless the actual algorithm is broken (which means discovering the true nature of primes, or at the very least a solution to factoring numbers easily, which is closely related) there is no real danger here.

    If the computers are that fast, then they will also be fast enough to compute larger keys at a usable speed.

    -Tommy

    --
    "I got a half gallon of Jack, and 2 dozen Ant Traps. I'm about to get wild." -me
  6. Re:Legal yes, but is it feasible? by / · · Score: 2

    How do we keep ourselves safe in a time when anyone with a pen can forge our handwritten signatures? The answer is, all signatures are insecure and legally contestable, and the process is a real bitch if you've ever been through it.

    --
    "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  7. Re:Not until we have secure operating systems by T-Ranger · · Score: 3
    Making digital signatures legally binding scares the shit out of me.

    Keep in mind that, even with current 'legally binding' signatures, you can potentially always go to court and say "I didn't sign that".

    Because of this, important contracts require a witness (who could also potentially say "I didn't see him sign that, and someone forged my name too!"), and really important contracts need to be signed and notarized by something like a Notary Public, a Commissioner of Oaths, or even a judge.

    When I say "require" I don't mean "legally necessary" but "expected" and/or "required" by the other entity involved in the contract to do business with you. IANAL (and working on a lay Canadian's idea of the law (but this is all pretty basic, and based on English Common Law anyway)) but since there is always the "I didn't do it" escape, important contracts will always require a third party.

  8. Congress is moving? by / · · Score: 2

    What, since Microsoft won't move to Canada, Congress is?

    --
    "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  9. Privacy and Online Stalking by Ephro · · Score: 2

    In an interview on CNN or MSNBC last night about online stalkers there were two major points made. First is never give out any information about yourself. Second was that all packets should be signed with your social security number of all things. Don't these seem mutually exclusive to anyone else?

    On a side note, social security numbers are not required to be a US citizen, in fact as long as you don't work for the government and don't keep money in any institution regulated or associated with the FDIC there is no need. On a side note the same goes for paying taxes. If this regulation goes through then in essence what is said by requiring a social security number for internet access is that it is a privilege and not a right for a citizen to possess. Scary thought to think that we may not have a right to communicate. Just some things to think about.

    1. Re:Privacy and Online Stalking by Ephro · · Score: 2

      Actually it's really not. Social Security numbers are only for US Citizens. If you give up your US citizenship you no longer have to pay taxes, be drafted, etc, etc, etc, nor do you have a social security number. Now this sounds BAD, but we are in all citizens of our respective states. To get a visa, driver's license, etc you need to be a state citizen, in fact 000-00-0000 is a legal SSN, as held by the Supreme Court that you can put on any job application. Being a US citizen is a contractual agreement, just as taxes are a contractual agreement, hence names like 'Tax Code' (which I recommend reading some time.) Because it is a contract you don't have to agree to the terms and withdraw from it; this is NOT so with state taxes. The social security fund that you use as evidence of needing a SSN, is again allowed under the contract, so if you are not a member of the contract you do not have to pay into it. It's very simple really.

      For further thought, think back to high school government. The Federal government can not make any laws they are not expressly allowed to by the constitution. This is why Federal taxes are not laws, and it is handled through a contract. It's some interesting reading. Take a look at the contracts and Supreme Court rulings around the turn of the century if you don't believe me, or anyone else who is interested can email me at ephraiml@crosswinds.net, I would be ecstatic to have further discussions.

  10. Idiot. Everybody has root on your system. by roystgnr · · Score: 2

    Nobody has 'root' on my system.

    Wrong. Everybody has root on your system, in fact you have no way to prevent people from having root on your system. If a Linux application gives a local user unrestricted access to the computer, it's a horrible security bug that causes frantic warning emails to fill inboxes and newsgroups worldwide. If a Windows application manages to restrict a local user's access to the computer, it's a technological marvel built on a shaky foundation.

    That is because I don't run a time-sharing system,

    Unless you're really using DOS, this is untrue. BeOS and Windows9x are both multitasking systems, and Windows at least provides better mechanisms than Linux for allowing malicious processes to *hide* themselves from the user.

    where the whole system is structured so that multiple users can wait poised to do things I don't approve of.

    What, you've never heard of Back Orifice, NetBus, BO2K, or even the trojan "movie file" that's been bouncing around the net this morning?

    My single-user operating system (BeOS, Windows 9x, DOS, whatever OS you choose to hate, Slashdotters) doesn't have a root account.

    Yes it does. Root is the *only* account it has.

    The only way to get that power on it is to sit down at it.

    Or to get you to run a trojan Word document, VBscript, or executable (like millions of people have, for multiple different trojans), or to get you to run a malicious ActiveX applet, or to exploit a buffer overflow in any of a number of old versions of IE, NetMeeting, various FTP daemons...

    You're not going to be allowed to do that, by the way.

    Oh, you've never let anyone else sit down at your computer? You've never even left your computer alone while you weren't in the room? You're not a common case, you realize that?

    Besides, who needs to sit down at your computer? I just need to burn my trojan backdoor to a CD-R and stick it in your drive, if you're one of the 99% of users who hasn't disabled autorun.

    Or hell, I just need to sell you some nice closed source software or give you some shareware with a proprietary internet protocol, and upload whatever I want in the data stream. How many different companies wrote software that's installed on your computer? Do you realize that every one of those companies have "root" access? Do you trust all of them?

  11. This is an exception by / · · Score: 4

    This is one of those areas of the law where all we need is a standard to agree upon, and it doesn't matter too much what exactly that standard is. It's no more oppressive than having governments regulate what gauge the railroads use.

    --
    "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  12. Oh Joy by Greyfox · · Score: 3
    Marvel at the snail like pace of the makers of our laws. By the time they've decided on this, we'll have computers fast enough to factor the primes, crack the keys, and render this technology useless.

    Keep up the good work, guys...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:Oh Joy by / · · Score: 2

      But not if the law explicitly enumerates the key length. And it's not one of those things that can be conveniently indexed against inflation, for example.

      --
      "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  13. Click-Wrap Software Licenses by GroundBounce · · Score: 2

    Could this inadvertently help make "click-wrap" software licenses more legally binding for software purchased over the internet? After all, with a digital signature, the click-wrap license now can be made into a signed contract.

  14. Heh. Everybody has root on my system, too. by roystgnr · · Score: 2

    I just found out (in an unrelated conversation at work) that a friend of mine hacked into my dorm computer three years ago, when I was running Win95 (I forget what release) and it had a remotely exploitable SMB service. Good thing I didn't keep anything sensitive on it at the time, huh?

  15. Re:biometrics verification systems by Goonie · · Score: 2

    A guy in my department has written about these - the basic problem is that if somebody does figure out a way to imitate your hand/signature/retinal characteristics (and, remember, they can get access to the data because the whole data has to be stored for comparison, not just a signature) you're in trouble. It's rather difficult to get a new, non-compromised retina :)

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  16. Re:My rot13 beats your scrawl by Eil · · Score: 2


    Okay, so much for the pro-anonymity ./ crowd.

    I for one, do not want any company whose purpose is profit, to have access to MY DNA. It's really that simple.

    And until the effectiveness and security of the digital signature is proven, I won't be filing too many mortgages over the net.

  17. Who determines the signatures? by Twanfox · · Score: 2
    I just have one thing to ask. I agree that a digital signature is probably a good thing, however, I have to ask.. How will it be implemented? I mean, is it to be like PGP's public/private key system so you can verify that when you give the public portion of your signature to the document, they can verify it against the private half to prove it was you? What's to stop someone snooping an unsecured web-transaction from getting this 'public portion' of your signature and reusing it?

    IF this is to be implemented properly, I would think it'd have to go on this methodology.. You have a public and private half of your digital signature. The public half is not just two static halves of the same key, like PGP is, but rather your signature plus the timestamp of when it was signed. That way anyone using it would have to act almost immediately to get the signature done right and keep it as valid. Using a static public key would be plain insane to prove without a certainty of a doubt that it was you and not someone who happened to see your key or hack your hard drive.

    Another question.. what software would do the signatures? Would it be multiplatform, or Windows only? Would the software be even something the user would need? The very NATURE of the Web is anonymity, to change it and say that doing a transaction over an anonymous webpage now has your signature on it had better be really darn good, else any script kiddie with a few public tools could sign your soul to the devil (as it were). This goes doubly true if you're now going to be held legally bound to the contract in hand.

    I, for one, want to see this implementation before I would ever consider using it. Merely stating that e-signatures are now legally binding is like saying your neighbor is now married to your wife. Unless you have a good way to prove it, I see this as a situation of the government attempting to quell fears while not grasping the whole implication and practicality of it all.

  18. premature by jetson123 · · Score: 2
    I consider this premature. Yes, the technology is ready, but companies seem unable to deploy this kind of technology reliably.

    Even in the area of credit and charge cards, where billions of dollars are lost to fraud, companies still use completely unsecure systems.

    I have also had several experiences where companies have duplicated electronic records, swapped electronically stored signatures, etc. With paper, fraud is quite possible, but with electronic signatures, both fraud and programming accidents are possible.

    And, should there be a dispute, the situation in court is also disadvantageous for the consumer with electronic signatures. With paper, you can always ask them to produce the record. With electronic signatures, it ends up being your security expert against theirs, and they can afford to pay a lot more for their experts.

  19. This *is* a good idea by Somnus · · Score: 5
    The increases in efficiency and organization are obvious. However, people are uncomfortable with the supposed security flaws. Some issues which I consider myths:
    • It's all over if a cracker takes my private key! Well, would he/she not still need a passphrase? Just make sure passwords are not cached (this, I admit, is the weak link). Also, you can issue revocation certificates; even if someone else knows the passphrase and has your key, they cannot revoke a revocation certificate.
    • Then the government/corporation/slashdot-satan-for-today will know who I am! Yes, just like with your handwritten signature on any official document, esp. those requiring notarization.
    • My encrypted stuff can be cracked! This takes an immense amount of computer power, and most people are simply not that important. How would you encrypt things at all without computer cryptography? You could be like Richard Feynman, and create codes with your spouse to send encrypted hand-written love letters, but I personally don't have the time or mischievous inclination for that.
    • When I get a signed email from some beautiful celebrity who wants to go out with me, how do I know it's her? That's why all public keys that matter are themselves signed by authentication services, like VeriSign. For personal keys, use these services or maybe the notaries at your local banks will catch on to another money-making opportunity.
    Any disagreements? Am I missing any critical factors?


    *** Proven iconoclast, aspiring epicurean ***
    1. Re:This *is* a good idea by Malc · · Score: 2
      "It's all over if a cracker takes my private key! Well, would he/she not still need a passphrase? Just make sure passwords are not cached (this, I admit, is the weak link). Also, you can issue revocation certificates; even if someone else knows the passphrase and has your key, they cannot revoke a revocation certificate. "

      "My encrypted stuff can be cracked! This takes an immense amount of computer power, and most people are simply not that important."


      If your private key is stolen then it's a matter of decrypting your password. Ever tried L0phtcrack? It can brute force crack passwords on my P2 450 pretty damn quickly. You cannot guarantee that people will have hard passwords. As time goes by, computational power will make any of today's cryptography obscelete (sp?).

      For a revocation to work, surely you would need to know when your keys were stolen? It's not going to be acceptable that you can revoke all existing documents that you've signed.

      "Then the government/corporation/slashdot-satan-for-today will know who I am! Yes, just like with your handwritten signature on any official document, esp. those requiring notarization. "


      Yes, but unless the hand written document is scanned and annotated, a computer-based search will not turn it up. Of course, this is the biggest problem doing anything on the internet. Records of people's postings to the Usenet will be available for the rest of their life, forming a profile that might be incorrect of where they are at that point in time.

      "When I get a signed email from some beautiful celebrity who wants to go out with me, how do I know it's her? That's why all public keys that matter are themselves signed by authentication services, like VeriSign. For personal keys, use these services or maybe the notaries at your local banks will catch on to another money-making opportunity."


      That's assuming that there is a failproof validation method when issuing the keys. What's to stop somebody creating a false profile in the same way we have domain name squatters registering internet domains in advance?

      I scanned my signature in so that I could attach to faxes from my computer. I've been very careful not to email documents to people with signature though. Of course... it could still get stolen now.
    2. Re:This *is* a good idea by Kaa · · Score: 3

      It's all over if a cracker takes my private key! Well, would he/she not still need a passphrase?

      (1) Most people "for convenience" would store their passphrase (heh, dream on. It's going to be a password, something like 'secret') on their hard drive, right next to the key itself.

      (2) Even if by some strange twist passwords would not be stored on the same hard drive, possession of keys gives you the ability to brute-force passwords off-line. This is highly practical and successful (AFAIK >70% passwords cracked in real-life tests)

      Then the government/corporation/slashdot-satan-for-today will know who I am!

      That's the wrong objection -- mostly they know who you are anyway (a signature from an unknown party is basically worthless). The point is that in the brave new world a record of your actions would be already digitized and stored on a drive/tape somewhere. This makes it oh-so-convenient to cross-index and store this stuff for eternity -- just in case, you know...

      My encrypted stuff can be cracked!

      And what does this have to do with the validity of electronic signatures?

      When I get a signed email from some beautiful celebrity who wants to go out with me, how do I know it's her?

      You don't. All a public-key system guarantees is that the entity which signed this particular message has been in possession of a certain private key. There is nothing which associates a number (key) with a person. This, of course, makes the whole thing vastly more complicated than most people imagine. What you call "authentication services" help but a lot of problems still remain.

      Kaa

      --

      Kaa
      Kaa's Law: In any sufficiently large group of people most are idiots.
  20. What else does this bill provide? by coyote-san · · Score: 2

    Is this the same bill that had other gems "expediting" business transactions over the net, e.g., allowing companies to send e-mail in lieu of paper mail, even certified mail, without requiring any type of proof of delivery to the recipient?

    The risks of that should be obvious. I already get enough crap from companies insisting that they gave me plenty of notification of rate changes/fee changes/etc in the 5-point print on the bottom of a statement bundled with "valuable information" on return address labels, travel clubs, $10 'CD' players!, and similar junk. Now they can just eliminate even that step and just mail it to me at "friend@public.com" and it's totally my fault that the message is dropped as spam by either my ISP or myself. *sheesh*

    I must remember. No email is ever misdirected. No email is ever lost. All mail I received should be carefully reviewed, in its entirety, for important information. I must always run attached Office and VBS documents - it might contain a self-extracting signed document concerning some critical financial issue such as my long distance charges (which average less than $20/month). And in a totally unprovoked dig, MS Exchange only has problems because of all of those unconfigurable sendmail servers. :-)

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  21. Bad idea by Lord+Kano · · Score: 2

    I know that pen & ink signatures can be forged, but a digital sig (at least now) would be FAR TOO easy to copy. They're going to make this easy for the morons with their first computers (Presario) to use. What does that mean? It'll have to be less secure. People would rather it be easy than secure.

    So let's say that someone intercepts a digital signature on a Non-Disclosure Agreement or somesuch and then types up an agreement saying that they've already given you $X in cash and in exchange you agree to give up your house and then tacks that intercepted sig onto the bottom. You'd actually have to spend money on a lawyer to keep your house.

    Until we have universal standards for STRONG crypto, I think that this is a BAD idea.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    1. Re:Bad idea by Johnath · · Score: 2

      So let's say that someone intercepts a digital signature on a Non-Disclosure Agreement or somesuch and then types up an agreement saying that they've already given you $X in cash and in exchange you agree to give up your house and then tacks that intercepted sig onto the bottom.

      Unless I'm reading you very wrong, it would seem that you are unclear as to how a digital signature system would work. It's not a matter of just attaching some generic signature to the bottom of a file. The signature that is attached is a result of using your private key, which is never transmitted (and hence not intercepted) to encrypt a hash of the document being signed. If you removed the signature and attached it to a different document, if you even correct a spelling error in the document, the hash of the message is thoroughly altered, and thus the signature is no longer valid, since decrypting it does not produce the correct hash. Such a signature can thus not be "cut & pasted" onto any document, each signature has to be produced by a person with the private key and the document being signed.

      J.

      PS - This is not to say that there aren't problems with such a proposal - the chief one, to my mind, being that everything rests in the security of the private key. But the argument you provide seems to, unless I am misreading you, be moot, since that is not how digital signatures operate.
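
The scheme described in the reply above (a hash of the document transformed with a private key that never leaves the signer), as an added example that is not part of the original thread: a textbook-RSA toy in Python showing that a signature lifted from one document fails on any other. The key (two fixed Mersenne primes), the sample documents and all function names are constructed for this illustration; the scheme has no padding and is not for real use.

```python
# Added illustration, not code from the thread: "hash the document, then apply
# the private key", and verify by undoing it with the public key.
# TOY ONLY: fixed, publicly known primes and no padding. Real systems use a
# vetted library with a padded scheme (e.g. RSA-PSS) or Ed25519.
import hashlib
from math import gcd

# Constructed demo key (assumption of this example): two Mersenne primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                      # public modulus
E = 65537                      # public exponent
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1        # E must be invertible modulo PHI
D = pow(E, -1, PHI)            # private exponent; never transmitted


def digest_as_int(document: bytes) -> int:
    """SHA-256 of the document as an integer (256 bits, far below N)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signer side: transform the document's hash with the private key."""
    return pow(digest_as_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier side: undo the transform with the public key and compare it
    with a freshly computed hash of the document actually presented."""
    return pow(signature, e, n) == digest_as_int(document)


# Constructed sample documents, modelled on the scenario in the parent post.
NDA = b"Non-disclosure agreement between A and B."
FORGED = b"I have received $X in cash and agree to give up my house."
TYPO_FIXED = NDA.replace(b"agreement", b"Agreement")   # a one-character edit


def transplant_report() -> dict:
    """Sign the NDA once, then present that signature with other documents."""
    sig = sign(NDA)
    return {
        "original": verify(NDA, sig),            # what was really signed
        "transplanted": verify(FORGED, sig),     # sig pasted under new text
        "one_char_edit": verify(TYPO_FIXED, sig),
        "exact_copy": verify(bytes(NDA), sig),   # same bytes, replayed
    }


if __name__ == "__main__":
    for case, ok in transplant_report().items():
        print(f"{case:14s} -> {'valid' if ok else 'INVALID'}")
```

The replayed exact copy still verifies: a signature proves which bytes were signed, not when or in what context, so a date or transaction identifier the parties rely on has to be inside the signed bytes.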

  22. Two laws that won't play well together by dsplat · · Score: 2

    Yes, we will have legally binding digital signatures, produced by software with EULAs (made enforceable by UCITA) that disclaim all liability for their security holes and prohibit their competitors and third parties from the very sort of peer review that is considered essential in cryptography.

    --
    The net will not be what we demand, but what we make it. Build it well.
  23. It's a good thing for some of us... by neonsam · · Score: 2

    IANAL but I work for them. We constantly have docs that people have to sign off on. Everyone involved knows exactly who the other person is, and by the time the agreement or whatever is finished, they all know that then someone has to print it and then it starts the "fedex chain" where it has to be mailed from one person to the next to get their signatures. Usually it's just a signature page they return to us anyway, and if we were unethical could change the document and then attach their sig page. Instead, if this law goes through, the doc never has to be printed. It just gets e-mailed to the people that need to sign it, if someone wants to forge something like that, it will take a hell of a lot of leg work on their part. Not that it's not possible. We already do this to a certain extent with Adobe Acrobat pages - they aren't legally binding but we have a pretty good idea that they are legit.

  24. Re:Not until we have secure operating systems by Surak · · Score: 3

    Let's face it -- 99% of the populace, whether they use Windows (and I'm sure Microsoft will be so kind as to provide a VBScript hook for signing documents or at least publishing private keys, so that virus writers will have a new source of fun), or whether they use Linux (how many desktop-role Linux boxen do you know of that you would consider 100% secure?) is operating insecurely. And that insecurity is going to spell trouble if digital signatures are legally binding, because it opens up a whole new class of forgeries.

    *I* would not consider *any* box, regardless of operating system, platform, etc., to be 100% secure. The main issue with security, aside from the fact that -any- security system can be cracked, has to do with the loose nut behind the mouse. Sorry, but when a security system relies on human intervention, well, humans just aren't very secure. :)

    Yes, a written signature requires human intervention, but it is certainly less vulnerable than password-based security. With digital signatures, anyone who can physically access your private key, which usually means anyone who can get into your box (i.e., type your login and password in somewhere), can get to your digital signature. At least with written signatures, your actual human presence is required (excluding of course forgeries which are another matter entirely, that's why for certain legal documents we require them to be notarized or otherwise certified by a third party).

  25. Re:Not until we have secure operating systems by Andy_R · · Score: 2
    Making digital signatures legally binding scares the shit out of me.

    2 reasons why it doesn't scare the shit out of me...

    1. Here in the UK we have had binding 'digital signatures' for a while - a faxed signature (digitally transmitted, remember) is legally equivalent to an original signed document here.

    2. Surely forging a digital signature carries the same penalties as forging a written one - so we are gaining, not losing security here (as all those anti-forging laws will now apply).

    - Andy R.

    sig... Y2K, only 47.5 years left to fix those bugs!

    --
    A pizza of radius z and thickness a has a volume of pi z z a
  26. My rot13 beats your scrawl by kwerle · · Score: 2

    Consider the current alternative: a scribble on a piece of paper? Yeah, that's secure.

    Hopefully they will make this concept legal while not requiring a specific implementation - that way folks who care to can keep the implementation up to date. I trust folks like Visa, etc, to stay on top of this. It is in their best interest (by a long shot) to make this kind of thing work well.

    1. Re:My rot13 beats your scrawl by Greyfox · · Score: 2
      That's why they should make you sign in blood. DNA Testing would pretty much prove your identity should an argument ever arise.

      I wonder how hard it would be to run a DNA test on a strand of hair or something less intrusive and unsanitary. If you could store and use DNA for identity verification, you'd have a good 10 to 15 years of solid authentication after which time the cloning scene will probably render that test useless, too.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  27. Re:Not until we have secure operating systems by hanway · · Score: 2

    I'd expect that if digital signatures become recognized, more contracts will start requiring witnesses -- the importance threshold for notarization will drop. The notary public business could really boom.

  28. as with most things technological . . . by werdna · · Score: 3

    . . . these electronic signature laws are wildly overhyped.

    There is a vast amount of authority (citations available upon request) strongly suggesting that legal formalities for a signed writing (the so-called statute of frauds) are satisfied by an electronic communication annotated or logically associated with a character or characters manifesting an intent to authenticate (legally, not technically).

    In other words, the e-mail:

    "Dear bill.

    I will buy 1000 Model K frobozinators at $600 per frobozinator to be delivered FOB Tampa no later than thursday. Terms: 2% 10/net 30.

    Love, Maria"

    would very likely be enforceable under the common law and the UCC -- even if no encryption or other technical encryption was used. Requirements for signature under the common law are amazingly lax. An X, a fold or tear made in the paper, another's name, a shaving on a cow or even a footprint can constitute a signature.

    The reason for an e-commerce statute is to make any question clear beyond cavil, so to clear the way for lawyers to permit BIG deals to be done without a signed writing. Imagine a few dozen lawyers at a $100M closing. The boss for the buyer smiles and signs "Minnie Mouse," or an "X," citing the case law suggesting that the signature is binding. Maybe so, you would say if you represented the other side, you would nevertheless ask a literate counterpart on the other side to sign the document "properly."

    It's about eggs in baskets. The law should get out of the way of the technology used for signatures, and ratify any actual manifestation of an intent to sign. (electronic documents raise interesting proof issues, but so do traditional physical documents) The risk of misauthentication and the like is a different question to be decided by those who would USE the signature technology, not by those who enforce the agreements into which the parties otherwise clearly entered.

  29. USPTO-- digital signatures by canthidefromme · · Score: 2

    I registered for my trademark online with the USPTO. Instead of actually signing the document, the form prompts you to type your name in a text field 'affirming that all the previously entered information is true, etc'. If that's not a digital signature, I don't know what is. How can they do this if it is not legally binding?

    --
    -sigs of the world unite
  30. Re:Legal yes, but is it feasible? by technos · · Score: 2

    It's an issue of speed, and ease. It runs a little like the 'Why copy music?' argument.

    A real forger has to take significant effort to produce a work that is not easily dismissed. Additionally, the real forger has a significant time investment.

    A script kiddy has no significant effort or time investment to produce the same work.

    Think about banks. If I wish to close my account, walking away with a $10K cashier's check, the process laboriously checks identification, the signature, and whether it makes sense. Shit, I have the odd problem with my bank calling me because a check I endorsed for deposit while riding in a moving vehicle doesn't seem to match. When the electronic bank provides the same service based on my new DigiSig 2.0, some script kiddy walks away with my savings account.

    --
    .sig: Now legally binding!
  31. Re:Law in Italy since 1997 by Fitascious · · Score: 2

    Key points loosely translated:
    Public-key cryptographic digital signature has now become the main tool, using current technology, of assuring the integrity and the source of electronic documents, therefore replacing the handwritten signature in traditional documents.

    bla bla bla
    Therefore exchanging public and private electronic documents with the same value as their corresponding paper documents is now a reality.
    The document goes on to list that certificate holders must be registered and readily consultable, administered by a central authority.
    Pretty cool for a country where it's still legal to abuse a woman as long as she's your wife

  32. Re:Certificate Authorities by B.+Samedi · · Score: 2

    Federally mandated digital signatures will make my identity more secure. I will be able to PROVE that I didn't sign that credit card application, so I don't owe money for the bill.

    Really? What happens when someone steals your keys and starts making copies and handing them out as party favors? This isn't any different from a handwritten signature except that it can be less secure if you don't pay attention. The only difference is that you can submit papers with your signature on them digitally.

  33. This could be really nice by _xeno_ · · Score: 2
    This also could mean that it would now be possible to do paperwork online. Now you could actually submit legally binding forms to the gov't online, and it would be perfectly legal.

    It's much easier to send a request to have your car registered through the internet directly to the Registry (guess which New England state I live in :-) than it is to go and stand in line for an hour to pass them a single sheet of paper and then leave.

    This could also mean you would now have to "digitally sign" the license agreements for all those computer programs. This could have a down side.

    --
    You are in a maze of twisty little relative jumps, all alike.
  34. Law in Italy since 1997 by an_mo · · Score: 2

    Secure digital signature is already legally binding in Italy since 1997. Here is some info (in Italian)

  35. Not until we have secure operating systems by Zigg · · Score: 3

    Making digital signatures legally binding scares the shit out of me.

    Let's face it -- 99% of the populace, whether they use Windows (and I'm sure Microsoft will be so kind as to provide a VBScript hook for signing documents or at least publishing private keys, so that virus writers will have a new source of fun), or whether they use Linux (how many desktop-role Linux boxen do you know of that you would consider 100% secure?) is operating insecurely. And that insecurity is going to spell trouble if digital signatures are legally binding, because it opens up a whole new class of forgeries.

    Let's pretend, for a moment, that most programmers are good at implementing cryptography and would never, ever write a program that allowed a key to be compromised by its use. (Hell, I don't trust any programs I write with my private keys.) Even if you've got good cryptography software, where you store your keys is probably going to be compromisable by an enterprising cracker.

    Before anyone even considers making digital signatures legally binding, how about requiring this binding to only take effect if the document was signed by an approved smart card? Make it a parameter of the signature, and make it illegal to write software or create unapproved smart cards that set that parameter.

    1. Re:Not until we have secure operating systems by orpheus · · Score: 2
      I have many concerns, too.
      1. While handwriting analysis is more of an art than a science, it is rarely used in court when there is any alternative. People comprehend the weaknesses, and it's easy to find a counterexpert.
      2. They'll parade the "billion keys a second 'til the end of time" number, as they do (incorrectly) with DNA evidence. It will appear to be the strongest evidence imaginable -- even stronger than an eyewitness ID (which has been shown to be surprisingly weak)
      3. The crypto is a strong link in a weak chain, but it is the part that will be scrutinized in court and in the approval process. E-sigs are no better protected than the sum of the security flaws in the computer, account, human memory used to store passphrases and keys, etc. Expect the passphrases to be protected as well as other important private data is - if so, a burglar or guest may find the Post-it under your mousepad and steal your identity
      4. I would prefer a *physical* e-card for signing over software solutions. Users (and jurors) would understand the use and protection of a physical object, and its theft would be easily detectable. It can also present options in easily understood buttons.
      5. However, I expect legislators and citizens to strongly reject smart cards, leading to weaker security and privacy overall
      6. There has been a lot of work in cryptography to establish systems that are identifiable (this e-sig belongs to this identity and to this document), authenticatable (this e-sig must have been generated by this person), non-repudiable (cannot be denied), and anonymous (it is not necessary to know who I am for me to buy a newspaper -- I should be able to create completely anonymous accounts, and pay out of them), and user-controllable (the amount of info from the list above that is released in the transaction should be user controllable) I don't think legislators will incorporate all these features.
      7. I expect citizens or legislators to reject the card. However, an e-sig system that does not have these options will result in far less security and privacy for the citizens in the end.
      8. The fact that all this (and other, far more technical concerns) is not immediately obvious suggests that Citizens will not use/protect their signatures properly. People already 'sign without reading' all too often. This will make things much worse.
      --

      If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime

    2. Re:Not until we have secure operating systems by Ed+Avis · · Score: 2

      IIRC a problem with earlier proposed legislation was that a digital signature would be legally binding, even if forged.

      In other words, if a cracker manages to use your signature, it is binding on you even if you can prove that it was a forgery! This is not the case for written signatures AFAIK.

      Does the new version have the same problem?

      --
      -- Ed Avis ed@membled.com
  36. Signatures are not the issue by werdna · · Score: 2

    You are confusing legal issues here. The concern (legally) over EULAs does not relate to lack of a signature. Some remedial business law:

    You do *NOT* as a matter of course require a signature to enter into a contract. Period. If I offer to sell my rabbit to you for $50 bucks, and you say yes, we have an enforceable contract under the law of 49 states (I am not sure about Louisiana law, but who is?).

    A signature is only required, generally, when a specific provision of law or common law (known as the statute of frauds) requires it. The most typical scenarios are:

    (1) transfer of rights in land; and
    (2) transfer of goods in excess of $500.

    (Which is why software licenses often expressly provide that they do not involve the SALE of software).

    There are a few additional scenarios relevant to copyright license rights -- exclusive licenses or transfer of copyrights itself (as opposed to copies of a work or the sale of a license in the work).

    Accordingly, the vast majority of EULAs do not require signatures. (Although this is an argument frequently raised against them by lay audiences). An e-signature provision would not raise new legal issues.

    The issue with EULAs is the dual arguments that: (1) I never agreed to the EULA; (2) I only agreed to the EULA after I had already paid for and received my copy of the work, hence there is no consideration for the EULA; and (3) Under the UCC, the timing of the post-sale writing, which materially changes the agreement, violates Section 2-207 (battle of the forms) and is therefore unenforceable.

    As a matter of course, by the way, these arguments have failed. The only Circuit Court opinion directly on point is ProCD, which held that the agreements are enforceable at the end of the day. Other appellate opinions held certain provisions unenforceable under other rules of law, but not on the ground that no contract existed.

    Finally, note that "digital signature" under the new law does not require any form of encryption or authentication. A simple typed "Love, Mom" will suffice.

  37. Electronic signatures are very insecure... by cnvogel · · Score: 2

    If I sign something with a GPG/PGP/S-MIME/X509/... key stored on my harddrive, I know that there are 100 ways to steal this key (and 100 ways to snoop my passphrase...) so I would say this is *very* insecure and anyone (with enough time and money) surely would be able to sign anything he wants using these methods.

    But even if we assume, that I own a chipcard with embedded unbreakable public key encryption which hides my key from everyone (including myself, so I (or someone stealing my card) cannot store this key on some external media)... How can I be sure, that I'm really signing this contract in exactly the same form I am looking at on the screen right now?

    The Chaos Computer Club has demonstrated[1] how you can use someone's chipcard-reader over the net. Banks using chipcards for electronic banking are too miserly to use terminals which include some form of display (which might say: You are now signing a transfer of $1234...) for feedback right from the card.

    But I'm sure, when signing a contract of well... let's say 20 pages of text, only some form of checksum will actually be transferred to the smartcard...

    Will the display then read: "You are signing a document whose md5-sum is 68b329da9893e34099c7d8ad5cb9c940?"...

    On the other hand, anyone can read my credit-card-number if he happens to find a copy of a receipt in some store's trash, so electronic signatures surely will improve the security of these transactions...

    [1] http://www.heise.de/newsticker/result.xhtml?url=/newsticker/data/nl-03.05.00-001/default.shtml&words=Chipkarte
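
Added example, not part of the comment above or of any product it mentions: a small model of the situation cnvogel describes, where the card signs only a checksum handed over by the PC, next to a reader that renders the fields on its own display. The keyed hash (HMAC-SHA-256) stands in for the card's private-key operation, SHA-256 replaces the MD5 sum in the comment, and every class name, the key and both transactions are constructed for illustration.

```python
import hashlib
import hmac
import json

CARD_KEY = b"constructed-demo-key"   # stand-in for the private key inside the card


def canonical(tx: dict) -> bytes:
    """One fixed byte encoding per transaction, so equal fields give equal digests."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def digest(tx: dict) -> bytes:
    return hashlib.sha256(canonical(tx)).digest()


def render(tx: dict) -> str:
    """Human-readable line a screen would show for this transaction."""
    return f"Pay {tx['amount']} {tx['currency']} to {tx['payee']}"


def _card_sign(d: bytes) -> bytes:
    # HMAC stands in for the card's signature operation in this model.
    return hmac.new(CARD_KEY, d, hashlib.sha256).digest()


def verify(tx: dict, signature: bytes) -> bool:
    return hmac.compare_digest(_card_sign(digest(tx)), signature)


class BlindReader:
    """Reader without a display: the PC sends a digest, the card signs it."""

    def sign(self, d: bytes) -> bytes:
        return _card_sign(d)


class DisplayReader:
    """Reader with its own display and OK key: it receives the fields, not a digest."""

    def __init__(self, user_confirms):
        self.user_confirms = user_confirms      # callback: text on reader -> bool

    def sign(self, tx: dict):
        if not self.user_confirms(render(tx)):
            return None                         # user pressed Cancel
        return _card_sign(digest(tx))           # digest computed inside the reader


class Host:
    """The PC. If `substitute` is set, it models a compromised machine."""

    def __init__(self, substitute=None):
        self.substitute = substitute

    def forwarded(self, tx: dict) -> dict:
        return self.substitute if self.substitute is not None else tx


def blind_flow(intended: dict, host: Host) -> bytes:
    """User reads `intended` on the PC screen; the card only ever sees a digest."""
    return BlindReader().sign(digest(host.forwarded(intended)))


def display_flow(intended: dict, host: Host):
    """User approves only if the reader's own display matches what they intended."""
    reader = DisplayReader(lambda shown: shown == render(intended))
    return reader.sign(host.forwarded(intended))


# Constructed sample transactions.
INTENDED = {"payee": "ACME Ltd", "amount": "1234.00", "currency": "USD"}
SUBSTITUTE = {"payee": "Other Party", "amount": "9999.00", "currency": "USD"}
```

With the blind reader the signature verifies for whatever the PC forwarded, while the display reader gives the user a chance to refuse because the digest is computed from the same fields the reader shows.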

  38. biometrics verification systems by tokengeekgrrl · · Score: 2
    Yes it's feasible because it's something the government needs desperately in order to automate its mountains of paperwork that it requires in order to maintain accountability to the public.

    The problem of forging or stealing digital signatures is of primary importance and concern (at least it was back when I was working for a state court system). I don't think encrypted digital signatures are the way to go at all. I see government, in particular, using some sort of biometrics system to verify signatures (captured via pressure sensitive electronic pen and pad), voice, face, fingerprints, or iris and retinal scan.

    Here's some more general information for whoever is interested:

    www.finger-scan.com
    www.facial-scan.com
    www.retina-scan.com
    www.hand-scan.com
    www.voice-scan.com
    www.signature-scan.com

    - tokengeekgrrl
    "The spirit of resistance to government is so valuable on certain occasions

  39. Re: prior signatures by coyote-san · · Score: 2

    Strictly speaking, many types of contracts don't need *any* signature to be legally binding. Unless one is required by the Statute of Frauds all a court needs is proof that both/all parties agreed on mutually beneficial acts and that at least one party did an overt act in compliance with that understanding.

    In other words - a verbal contract. :-)

    *So*, in many cases if two parties exchanged digital signatures in the expectation that they were binding then they were, in fact, binding. If the contract was covered by the Statute of Frauds and they exchanged traditional documents stating that digital signatures would be considered binding for the purposes of the SoF, then these signatures would be binding. If they tried to use only digital signatures for something covered by the SoF, they were never binding.

    Even in the case where one party exchanged digital signatures with the expectation that they would not be binding, if the other party/ies thought they were doing a good-faith negotiation then these signatures would probably be declared binding for the purposes of a criminal complaint for fraud.

    The only thing this bill really does is 1) state that digital signatures are acceptable under the SoF, so you can buy real estate and the like with them, and 2) deny shady characters the chance to try claiming that the digital signature "wasn't really valid" in hopes that the other party will give up and walk away from a legitimate claim.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  40. Legal yes, but is it feasible? by technos · · Score: 2

    So what? I can now give assent to a contract over the net. But how we can keep others from 'forging' our signature on these new binding declarations is another issue entirely, and is the one we should be asking ourselves.

    How can we keep ourselves safe in a time where all but the beefiest encryption schemes are crackable on commodity machines and any determined script kiddy can clone a magstripe?

    --
    .sig: Now legally binding!
  41. Beware signed EULA by c_a_moffitt · · Score: 4
    Is anybody else afraid that these digital signatures could be applied to future software EULAs giving them actual real power?

    Please digitally sign here in order to install the software that you have already opened and can no longer return. Oh, this means you have already read the 50 pages of draconian fine print with your lawyer present.

    Craig

  42. Re:Geeks should work without laws by FascDot+Killed+My+Pr · · Score: 2

    "I say to let the market handle these things."

    If only we could. But note the word "legally" in "legally binding". If you and I have a contract signed with non-legally binding signatures, and one of us backs out the other one has no recourse.
    --
    Wanna hook MAPI clients to your Tru64/AIX/Linux server?

    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
    (Exchange Migration HOWTO coming soon)
  43. Are digital signatures that authentic? by (void*) · · Score: 2
    Pardon my ignorance, but how can digital signatures be that secure? I may store my private key in my account, but if some hacker gains root on my system, he would have my private keys. Can I then deny that I ordered that plastic dildo from sextoys.com?

    Of course, this is not to say that traditional signatures aren't that secure. That's even more easy to fake, if you think about it.

    So what gives? Are we saying that both signatures are equally valid? One is more valid than the other? Whatever the case, we should recognize that the authenticity of the two are different, and treat with differing degrees of authenticity. Exactly how, I don't know. I would like to hear from the experts though, on how we should handle our digital signatures.

    Is the current infrastructure (i.e. none) on the net adequate? Do we need escrow services?

  44. RSA-38 has never been considered secure. by rjh · · Score: 2

    I am an InfoSec professional IRL, but this is not professional advice.

    ==========

    Ref: point 2, "Remember when 128 bit keys was way too big to be factored? I do, and I'm all of 28 years old."

    128 bit keys were never considered too large to be factored. Various people were positing RSA-129 as being secure back in the '70s, but that was 129 *decimal digits*, not *binary digits*. (I may be off on the exact 129 figure--it was about that, though.)

    To brute-force a 128-bit number requires you check every prime through 2^64. This is not very difficult. Using an intelligent factorization algorithm will make factoring a 128-bit number trivial.

    To give a rough comparison, 2^20 is approximately equal to 10^6. 2^20 raised to the sixth power is 2^120, add on another factor of 2^8 (which is approximately 10^2)... you're looking at 10^6 raised to the sixth (10^36) with another factor of 10^2, for a grand total of 10^38.

    Factoring a 38-digit number is not very hard. Factoring a few *hundred* digit number is nontrivial. :)

  45. PKI has too many flaws to be binding. by jcostom · · Score: 3
    Bear in mind, I'm a former VeriSign employee. I didn't work in the PKI side of the house. I was the technical manager for the NE region in the security services division (formerly SecureIT).

    When you listen to PKI companies give their shtick about how wonderful PKI is and how it will save the universe, apply some simple common sense.

    1. Who holds your private key (besides you)? - If you use the VeriSign solution for digital certs (the one where they manage the CA for you), in addition to your users having their keys, so does VeriSign. If you roll your own, your users have their private keys, and probably also the administrator who gen'd it for them (for when the user accidentally deletes their keys). How will users store their private keys? On their hard drives? Poor security, easily obtained by a ruthless 3rd party. Floppy? Unreliable medium, more susceptible to theft. Smart Card? Susceptible to theft.

    2. Remember when 128 bit keys was way too big to be factored? I do, and I'm all of 28 years old. Even with using 1024 bit keys, it's only a matter of a couple of years before many keys are useless. For the uninitiated, I've got your public key, and can find the prime factorization for a number that is your public key and your private key (for all intents and purposes, it's a bit more involved, but not THAT much more). If I compromise your private key in this way, you have no knowledge that I've done so (unless I'm a big moron about doing it), and I can freely digitally sign documents as if I were you. The signatures will even validate properly. Fun, huh? Maybe I'll buy some stuff over the net with your keys, and have it drop-shipped to a Mailboxes, etc. or some other such place.

    3. Complexity of the system - I don't know about everyone else, but my mother barely grasps the concepts behind sending email and pulling up a web page. How's she ever going to understand the how and why it's not only safe, but legally binding to use PKI technologies to enter into agreements?
    --

    --

    The unsig!
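
Added example, not code from either commenter: the arithmetic in the two comments above (binary versus decimal key sizes, and what a factored modulus allows), run on a constructed 61-bit textbook RSA key without padding. Pollard's rho is used as one instance of an "intelligent factorization algorithm"; the 2048-bit floor in `modulus_acceptable` is an assumption, not a figure from the thread.

```python
import hashlib
import math

# Constructed toy key: two well-known primes, far too small for real use.
P, Q = 2**31 - 1, 10**9 + 7
N, E = P * Q, 65537          # the public key is (N, E); N has 61 bits


def decimal_digits(bits: int) -> int:
    """Decimal digits of the largest value that fits in `bits` binary digits."""
    return len(str((1 << bits) - 1))


def bits_for_digits(digits: int) -> int:
    """Bit length of the smallest number with `digits` decimal digits."""
    return (10 ** (digits - 1)).bit_length()


def pollard_rho(n: int):
    """Return (nontrivial factor, steps) for an odd composite n (Floyd cycle-finding)."""
    steps = 0
    for c in range(1, 64):               # on failure retry with x^2 + c for the next c
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:
            return d, steps
    raise ValueError("no factor found")


def digest_mod_n(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced mod n (textbook RSA, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, d: int, n: int) -> int:
    return pow(digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    return pow(signature, e, n) == digest_mod_n(message, n)


def private_exponent_from_public(n: int, e: int):
    """Derive d from the public key alone by factoring n; returns (d, rho steps)."""
    p, steps = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), steps


def modulus_acceptable(n: int, min_bits: int = 2048) -> bool:
    """Verifier-side policy check; the 2048-bit default is an assumption."""
    return n.bit_length() >= min_bits


if __name__ == "__main__":
    print("128 bits   ->", decimal_digits(128), "decimal digits")
    print("129 digits ->", bits_for_digits(129), "bits at least")
    d, steps = private_exponent_from_public(N, E)
    sig = sign(b"constructed order text", d, N)
    print("rho steps:", steps, "vs trial-division bound:", math.isqrt(N))
    print("signature from recovered key verifies:",
          verify(b"constructed order text", sig, N, E))
    print("key passes size policy:", modulus_acceptable(N))
```

The signature itself cannot reveal that the key was recovered rather than held by its owner, so the only place to catch an undersized key is a size policy applied by the verifier before the signature is trusted.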
  46. An important step not even mentioned by Miou · · Score: 3

    What I don't even see mentioned in the article is the verification process used to ensure that the keyholder really is the person they claim to be.

    Anyone can create a key claiming to be someone else - the only way you know that the key really does represent the person it claims to be representing is if: a) the person gave you their public key in person, or b) there is an authority that "signs" the key, confirming that it is in fact from that person.

    Now, this is really no different than the way things are today - anyone can sign a check as "Bill Gates," this is why Notaries exist. Are we going to extend the Notary system to have them sign public keys as well?

    --
    All operating systems suck. Some just suck less than others. (and some are virtual black holes)
  47. for all the nay-sayers by eries · · Score: 4
    Let's not be too negative yet. I still think this could be a really interesting step, as long as appropriate measures are made to confirm the digital signature for important transactions. Just like a bank won't give you a big loan without you coming in in person so they can verify that you're real. It would be nice if we could get a setup like current credit cards - not 100% secure but if your signature gets compromised you have pretty easy recourse to have the damage undone.

    Is that feasible? Technically? Legally?

    Want to work at Transmeta? MicronPC? Hedgefund.net? AT&T?