The paper's conclusions are:
1. "This paper demonstrates that the deployment of a trusted computing system for
digital signatures is the only secure option,"
Comment: this is a tautology, for which no demonstration is necessary and is not even
in question.
The question is how to make it happen in the real world, where a trusted computer
system might be
only the ones that are turned off and buried underground.
2. "resulting in a legal position where the onus of proof for the electronic
environment is equivalent
to the paper-based environment."
Comment: I want to say -- Gimme a break! Everyone knows that paper-based environments
are
not golden standards for security. Why have banks moved and are moving more and more
a w a y from paper? Why are paper badges only to be found with dodos?
3. "If a trusted computing system is used to affect a digital signature, then and only
then
can the onus of proof lie with the recipient in the same manner that exits in the
paper-based
world."
Comment: this is a non sequitur. And, as everyone knows, the onus of proof lies
always on you ;-)
When push comes to shove, if you can prove you did sign the insurance policy before
the quake because there is (for example) a digital timestamp that can be verified, the
recipient may say whatever
it wishes.
4. " Without a trusted computing system, neither party - the signer or the recipient -
is in a
position to produce the necessary evidence to prove their respective case."
Comment: Give me trust so that I can use it, is the message here. Trust, however, is
earned.
To produce the necessary evidence, either party may need to use another system.
Volkswagen
AG is a trusted and known company and yet this did not prevent them from encroaching
into
GM's intelectual property and actually using it, which later on caused (in 1998) VW to
pay a
fine of US$ 1.1 billion (yes, billion). We find in security work that trust is
oftentimes a question
of the extent to which that trust finds itself stressed to until it fails when a limit
is reached. For
VW, that was their limit.
5. "Hence the implementation of a trusted computing system will allow for a balance
between the two environments."
Comment: The authors seem to believe that trusted computing systems arrive by mail
order
catalogues. No, someone needs to say that they are simply abstractions -- useful, but
abstractions. If I trust a computer system before I know that my competitor trusts it,
will it make a difference that my competitor now trusts it? Yes, as we see everyday.
I do not want to give the article a dismissive treatment, because it does have some
useful
comments, but the glaring mistakes and omissions also in the legal part make it IMO a
difficult
read. I was somehow expecting a better take from Adrian. I guess the article is
simply not
non-repudiable ;-)
Cheers,
Ed Gerck
