On Mon, 2003-12-22 at 08:28, Adrian Midgley wrote:
> On Sunday 21 December 2003 20:54, Tim Churches wrote:
> 
> > Regardless of which you use, users need to prove who they are to the
> > service provider, and v-v, at least once
> 
> In principle, I don't refer patients to doctors I have not met...
> In principle, therefore, when doctors meet, they could exchange keys...

When you say "exchange keys" you really mean "cryptographically sign
each other's public keys"? Public key exchange is best done through
shared directory servers. But the key signing (after identity is
confirmed) needs a face-to-face meeting, or at least some secure,
out-of-band means of mutually proving identity. It has been suggested
(by David Guest) that key signing "parties" should be conducted over
wine and nibbles at the end of each and every medical continuing
education session.

Simply exchanging or agreeing on secret keys (passwords) doesn't work,
whether you are making the exchange with a colleague or with a server or
service, because you need to use a different key for every entity with
whom you interact - you can't re-use the same key or password for server
A as you do for server B. Well, you can, but you then have to trust that
server A and all those who have access to the password file on it (eg a
successful external hacker) will never try to impersonate you on server
B. That's a dangerous assumption.  The alternative, of maintaining
separate passwords for each server is not scalable, even if you only
deal with a dozen other entities. Thus, from the point of view of a
server or service provider, simple username/password pairs are fine, but
from the point of view of a client of multiple services/servers, there
is really no substitute for public/private keys and an associated PKI
- it actually makes life simpler. However, that PKI can very
satisfactorily be a GPG-style web-of-trust.

> Medicine is not so large a sphere as all that, and the rate at which key 
> trust could spread locally and the rate at which new doctors who all know 
> each other could spread across a country are both large.

Yes, and now I see that you meant key signing above, not just key
exchange.

> 
> My secretary carries a credential from me, as does everyone else's.
> 
> It isn't as large a task as it seems, I think, and it scales nicely along 
> with where patients actually go at present and will in the future.
> 
> Now doing it with control by managers and a central administration ... 
> there is a harder task, and one that adds something to a system rather 
> than using the existing professional relations.

Yup. It is a huge pity that the GPG model of a web-of-trust is so
misunderstood, or maligned as being too "informal".
-- 

Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B  EB37 7891 46A9 EAF9 93D0
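
Added example, not part of the original message: a small Go model of the argument above about re-using one secret at server A and server B versus enrolling one public key at both. The HMAC challenge-response login, the Ed25519 signatures (standing in for a GPG key) and every name and value in it are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// randomBytes returns 32 fresh random bytes (used as login nonces and key seed).
func randomBytes() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// mac is the shared-secret login proof: HMAC-SHA256 over the server's nonce.
func mac(secret, nonce []byte) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write(nonce)
	return h.Sum(nil)
}

// SharedSecretLeak reports whether A's stored record alone passes B's challenge.
func SharedSecretLeak() bool {
	recordAtA := []byte("constructed-reused-secret")
	recordAtB := recordAtA // the client enrolled the same secret at both servers
	nonceB := randomBytes()
	forged := mac(recordAtA, nonceB) // computed by whoever can read A's record
	return hmac.Equal(forged, mac(recordAtB, nonceB))
}

// PublicKeyLogin returns (client accepted at B, A's captured login accepted at B).
func PublicKeyLogin() (bool, bool) {
	priv := ed25519.NewKeyFromSeed(randomBytes()) // stays with the client
	pub := priv.Public().(ed25519.PublicKey)      // the only thing A and B store
	nonceA, nonceB := randomBytes(), randomBytes()
	seenByA := ed25519.Sign(priv, nonceA) // A holds only pub and this signature
	genuine := ed25519.Verify(pub, nonceB, ed25519.Sign(priv, nonceB))
	return genuine, ed25519.Verify(pub, nonceB, seenByA)
}

func main() {
	fmt.Println(SharedSecretLeak())
	fmt.Println(PublicKeyLogin())
}
```

The same public key is enrolled at both servers without either gaining anything it can present to the other, which is why one key pair can replace a separate password per server.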

