Management of signature keys for government

Dave Howe DHowe at tecsun.demon.co.uk
Mon, 02 Mar 1998 10:26:14 +0000


I don't know why, but I seem completely unable to see why
users can't generate their own keys for use in smart cards,
using their own trusted software, and uplink their own trusted
copy of the key to the smartcard.
I can see why central administration of the ATM / credit cards is
needed.
1) The cards are the property of the issuer (mine even has that
    printed on the reverse)
2) Readers are rare and under the direct control of the bank
    (ATM or sales-point readers)
3) They are only used to access bank facilities.

However, if smartcards are to be widely adopted, none of the
above is true.

1) The card is your signature; it is a personal statement that you
    agree with or approve of the document it is attached to
2) Readers must be commonplace, and must already be capable
    of writing data to the card (or how do you tell it *what* to sign?).
    Almost by definition, it must be a small device that can be
    attached to a PC (presumably via a serial port to prevent it being
    tied to one piece of hardware); it must be inexpensive enough that
    people will be willing to adopt it; it must be secure enough that
    people will trust it.
3) It must be capable of signing a document to be exchanged between
    two end users (without a third party needing to take part, other than as
    a repository of the public side of the key)

In order to meet the requirements of trustability in (2), the card _must_ have
some form of frangible link (a fuse or similar) so that once a voltage has been
applied across it, the card is unable to accept any further write commands.
Is there any valid reason why this has to have been blown at the factory?

Sig:                       __--= Dave =--__
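The lifecycle the post argues for, as an added example that is not part of the original message: a model of a write-once card where the user's own software generates the key, uplinks it, and then blows the fuse, set beside a card whose fuse was already blown at the factory and so can never take a user-generated key. The card type, its methods and the HMAC-SHA256 stand-in for the card's signing primitive are all assumptions of this example, not anything the post or a real card specifies.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

class SmartCard:
    """Hypothetical model of a card with a one-shot fuse ending its write phase."""

    def __init__(self, fuse_blown: bool = False) -> None:
        self.fuse_blown = fuse_blown       # True once the link has been broken
        self._key: Optional[bytes] = None  # private key held on the card

    def write_key(self, key: bytes) -> bool:
        """Load a private key; returns False if the card no longer accepts writes."""
        if self.fuse_blown:
            return False
        self._key = bytes(key)
        return True

    def blow_fuse(self) -> None:
        """Irreversibly end the write phase; only signing remains afterwards."""
        self.fuse_blown = True

    def sign(self, document: bytes) -> Optional[bytes]:
        """Sign with the on-card key. HMAC-SHA256 stands in for the asymmetric
        primitive a real card would use; None if no key was ever loaded."""
        if self._key is None:
            return None
        return hmac.new(self._key, document, hashlib.sha256).digest()

def user_personalised_card() -> Tuple[SmartCard, bytes]:
    """The flow the post asks for: the user's own software generates the key,
    uplinks it, then blows the fuse so no later write can replace it."""
    key = secrets.token_bytes(32)   # generated by the user's software, not the issuer
    card = SmartCard()
    card.write_key(key)             # accepted: the fuse is still intact here
    card.blow_fuse()
    return card, key

def factory_locked_card() -> SmartCard:
    """A card whose fuse was already blown before it reached the user."""
    return SmartCard(fuse_blown=True)

def verify(key: bytes, document: bytes, signature: bytes) -> bool:
    """Check a signature. With the HMAC stand-in the verifier holds the same key;
    an asymmetric scheme would need only the public half from a key repository."""
    return hmac.compare_digest(hmac.new(key, document, hashlib.sha256).digest(), signature)
```

Once the fuse is blown the card still signs but refuses every further write, so a key the user loaded cannot later be replaced; the factory-locked card never accepts a key at all.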