Horst Herb wrote: > On Thursday 31 May 2007 09:50, Oliver Frank wrote: >>> 1. You know who wrote it >>> 2. You know that is not corrupted >>> 3. You know when it was written >>> 4. You do not need to store a paper copy >>> 5. It actually does allow real paperless communication >> The last two points have nothing to do with digital signing. > > and you don't know #3 either - all you can say that after you received it, > the > sender cannot change the timestamp on the document any more. > > #1 is strictly only valid if the key was never out of the hands of the owner, > which is not given with HeSA generated keys
True, but given the trouble we seem to have had getting the basics going a certificate signing request raises the bar again. It is extremely hard (near impossible) to get the private get out of the dongle without destroying it and I doubt the HIC would be able to do that. > > #2 regarding accidental (as opposed to deliberate) corruption is also doable > without digital signatures (by appending a simple checksum, or encrypting w/o > signing) Yes we can do that with MD5 or SHA1 hashes but as its not a standard yet we just get questions about the funny characters at the end of the message. > > So it looks like all points 1-5 don't hold water if we look close enough. > They hold water at the 98% level, which is a lot better than the 0% level. Its about being pragmatic and not too suspicious of the governments motives. The eHealth execution in this country has a poor history, but the motive has probably been sound even if there have been many stuff ups trying to achieve anything. > Don't get the wrong impression - I am still in favour of digital signatures, > I > have been practising them for more than a decade myself - but we have to do > it right. We sign all the messages with PGP or GNUPG or HESA as needed and that is the authentication. By restricting the Freely downloadable and installable referral client to HESA keys we do not have to authenticate the users key as HESA does it. Hence it can be free. In fact the MO network is freely accessable via PKI keys now and always has been. That the advantage of HESA authentication. > > Not this crazy idea of *mandatory* third party generated "private" keys, and > not this crazy idea of mandating proprietary technology and problematic > hardware drivers. A process of certificate signing requests with an authentication token would be best I agree. The site certificates are more of a risk than the dongles as the private key can be copied easily. Ideally we will get to a point where u install a client, generate a certificate and then type in a HESA supplied string and get the public key signed by HESA and on LDAP instantly. Then HESA can identify you and you can generate your own private key. That would be the ideal world. Medical-Objects generates PGP Keys during the install process and uses the install token to initiate a master key signing process like this. So we do not have a copy of the private keys, which means a reinstall if the installation is lost. Andrew McIntyre > > Horst > _______________________________________________ > Gpcg_talk mailing list > [email protected] > http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk > > __________ NOD32 2302 (20070531) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > > _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
