Hash: SHA1

Jerry Leichter <leich...@lrw.com> writes:

> The only conceivable purpose for using a signature is that you can
> check it *offline*.  If you assume you can connect to the network,
> and that you can trust what you get from the network - why bother
> with a signature?  Simply check a cryptographic hash of the driver
> against an on-line database of "known good" drivers.

> This is right in line with Lynn Wheeler's frequent mention here that
> the use case for offline verification of certs for commerce
> basically doesn't exist.  It was a nice theory to develop 30 years
> ago, but today the rest of the framework assumes connectivity, and
> you buy nothing but additional problems by focusing on making just
> one piece work off-line.

Not quite.

Untraceable anonymity and untraceable pseudonymity remain one of the
important applications of cryptography, and both depend on store and
forward anonymizing networks which mix traffic by using high random

The saving qualifier for your assertion is "for commerce".  True,
there is not yet a way to securely transmit and store commercial value
(money) offline, but it has not been proven impossible.

For these applications, the security has to be in the message, not the
connection.  Offline verification is essential.

 -- StealthMonger

   stealthmail: Scripts to hide whether you're doing email, or when,
   or with whom.

Finger for key.

Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to