[plug] Was bun fight about "bad" words.

Craig Foster fostware at iinet.net.au
Mon Apr 1 22:08:12 WST 2002


On a side note, as a Thawte notary, I *HAVE* to keep the supporting
documentation for a notarise for a set amount of time. Once the servers
issue a valid ID, those notaries that confirmed his identity are on record
and are forced to present those copies of original documents when Thawte
request them for legal or identity checking purposes.

I'd prefer an authoritative system with a set of rules with the possibility of
financial penalty rather than a group of friends vouching for my GPG. Now
if only they would support a more open source system rather than an
IE/Outlook/Outlook Express oriented method of disseminating keys.

And finally, I can remember a post from 5/03/2002 that didn't like my post
"[plug] SL.O.T. - NetGear 802.11a/b" saying that the contents may have
been changed. (Due to the low importance flag) That 'incident' shows a
positive in that people are "pretty bloody sure" messages come from me or
specifically my computer with my say so without alteration, as access to
the cryptographic store requires additional clicks before sending -
something a trojan is much less likely to be able to get around (touch
wood and my AV program).

All in all, a chain is as strong as its weakest link. OE/IE and humans
are still not secure enough for legal transactions.

My 2c worth.

Craig F.


> -----Original Message-----
> From: Mark Dixon [mailto:mdixon at ecel.uwa.edu.au]
> Sent: Monday, 1 April 2002 9:32 PM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] Was bun fight about "bad" words.
>
>
> > I understand that, and agree. With one caveat however. The digital signature
> > demonstrates that it was *your computer* which originated the message, not
> > you. In most cases there's not much difference (maybe none at all), but it
> > *is* important. If I went to a party at your place, I could conceivably send
> > emails from your machine which would be digitally signed in the same way
> > that those written by you would be. It's the weakness not so much of digital
> > signatures, but of the assumption that the signature proves your presence.
> > It doesn't.  Of course, your comment about convincing evidence is still
> > completely true.
>
> Agreed.
>
> And further - you(? someone?) raised a point about users not using (knowing about) encryption and
> S/MIME.  The Commonwealth and the States have recently enacted legislation that ratifies the United
> Nations Commission on International Trade Law's (UNCITRAL) model law on electronic commerce.  [See:
> Electronic Transactions Act (Cth) 1999, and Electronic Transactions Bill 2000]   These put
> electronic transactions on an equal footing to paper transactions at law (ie. in court).
> Necessarily, the digital signature will become an issue, as will things like clicking the "I Agree"
> button when presented with one by a bank or other vendor of services.  You may find that by having
> certain buttons clicked on your computer you are entering into a contract that is enforceable in a
> court.
>
> We may all want to consider the security of our computers, operating systems, and digital
> certificates.
>
> Cheers, Mark Dixon
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2228 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20020401/2d986d50/attachment.bin>

