Smartcard Support, open system security, law,( certificate sig removed)
thomas schorpp
t.schorpp@gmx.de
Thu Aug 21 16:56:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
hi,
im against and dont like using smartcards due to certain security flaws with
its whole system:
- - it makes no sense to protect and provide electronic signatures with
strong algorithms and then using weak smartcard pins of 4-6 decimal digits,
this would be the way of the german signature law (SigG) and its well known
providers regtp (the old bundespost), bmi, tuvit, d-trust...
- - the cards and its commercial systems will be hacked, loosed,
pin-compromised faster than you think.
- - the reasonable use of smartcards to protect data requires protecting the
pin in a encrypted file using a strong passphrase in brain only and never to
loose on a personal high secure mobile unit or a workstation (staged
concept), i'm doing so with the insecure pin numbers of my credit and ec
bank cards.
for such a project we need not only open software, we would need OPEN
HARDWARE systems of intelligent mobile devices (a stupid smartcard or
usb-stick isnt that way), too.
maybe off-topic, if this discussion is going on elsewhere please let me
know:
besides, our open sytems should include the ability to handle the TWO
personals needs of a todays electronic individual or organisation (juristic
persons): we need 2 personal signature/encryption keys/certificates, one
requires privacy and anonymity in electronic worlds, the second requires
acceptance by at least by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL of 13 December 1999 on a Community framework for
electronic signatures
Code 5 Part 2, says, a court has to recognize signatures even NOT approved
as "qualified" by national authorities(!).
not to mention international treaties.
that would be our chance to bridge between the nowadays seperated systems,
accepted for both individual needs, otherwise commercial systems and
microsoft will lead in the future. gnupg is therefor funded in part by the
german ministry of economics to adopt later in civil "government"(?). so
politics is in here, too, dont miss it!
Y
tom
Key ID: 0x31E21ABA www.keys.de.pgp.net
- ----------------------------------------
Elektronische Unterschrift ist nach Import meines Stammzertifikats gültig
gemäß
RICHTLINIE 1999/93/EG DES EUROPÄISCHEN PARLAMENTS UND DES RATES
vom 13. Dezember 1999 über gemeinschaftliche Rahmenbedingungen für
elektronische Signaturen
Artikel 5 Abs. 2 i.V.m. §23 SigG "ausländische Produkte"
Produkte der Microsoft Corporation behandeln Signaturvertrauen in diesem
Sinne unvollständig.
Benutzen Sie besser Open Source Produkte (Linux, etc.)
Digital Signature is valid after importing my Root Certificate by
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 13 December 1999
on a Community framework for electronic signatures
Code 5 Part 2
Products of the Microsoft Coporation handle signature trust in this case not
fully.
Better use open source products (Linux, etc.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96
iEYEAREDAAYFAj9ElmYACgkQzvbvBTHiGrp+QACg5Q5XfUuMSmX75rm40AryRGNW
wloAoJ5FqwXfGxwMoDpJVVp9IT9q9g2T
=QrmE
-----END PGP SIGNATURE-----