Stefan Kelm wrote:
> Here in Europe, e-invoicing very slowly seems to be
> becoming a (or should I say "the"?) long-awaited
> application for (qualified) electronic signatures.
> Since electronic invoices need to be archived in
> most countries some vendors apply time-stamps and
> recommend to re-apply time-stamps from time to time.

recent post/thread with some discussion of the business of
digital certificates ... as distinct from either digital
and/or electronic signatures.
http://www.garlic.com/~lynn/2007h.html#28 sizeof() was: The Perfect Computer - 36 bits?

one of the exploits for the "changing" the burden of proof scenario
(mentioned in the above post) ... since the incentive is significant ... is where the merchant produces a digital signature plus corresponding
digital certificate purported to be from the other party.

the underlying digital signature stuff was designed for providing
authentication and integrity for the transaction. there was never
any provisions for it to ever provide intent and/or handle the
situation of establishing the inverse ... i.e. in traditional
digital signature & digital certificate paradigm ... there is
no way of proving what, if any, digital signature and digital
certificate were originally appended to the transaction/invoice.

this somewhat gets into the area of non-repudiation services
(where some of the trusted time-stamping have periodically
wandered into) ... i.e. for individuals, digital signature isn't
representative of a human signature and intent ... it
purely does (what digital signatures were originally designed
for) authentication and integrity.

other parts of the same thread related to digital signatures
http://www.garlic.com/~lynn/2007h.html#20 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#22 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#26 sizeof() was: The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2007h.html#27 sizeof() was: The Perfect Computer - 36 bits?

possibly being able to force changing of burden of proof ... is analogous to
some past discussions about "dual-use" attack ... again where there was
possibility of allowing digital signatures to wander into the arena of human
signatures and intent ... a thread that started in this mailing list
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/aadsm19.htm#27 Citibank discloses private information to improve security
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#43 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
http://www.garlic.com/~lynn/aadsm23.htm#13 Court rules email addresses are not signatures, and signs death warrant for Digital Signatures

---------------------------------------------------------------------
The Cryptography Mailing List