Management of signature keys for government

Brian Gladman gladman at seven77.demon.co.uk
Wed, 4 Mar 1998 08:33:10 -0000


-----Original Message-----
From: Roger Fleming <roger@police.tas.gov.au>
To: 'ukcrypto@maillist.ox.ac.uk' <ukcrypto@maillist.ox.ac.uk>
Date: 04 March 1998 04:01
Subject: Re: Management of signature keys for government


>
>Brian Gladman wrote:
>
>[...]
>>One issue in the self generation of keys is how to prevent a user
>>repudiating their own key by revealing its private component.
>[...]
>>There are a number of ways in which a user could be prevented (or
>>at least deterred) from revealing their own key but it is not clear
>>(to me at least) whether any of these are practical in the real world.
>
>In view of the recent discussion about what type of signatures are
>acceptable in the real world, I wonder if this isn't too stringent a
>requirement for the system. After all, today you cannot repudiate a
>paper-signed contract by claiming that you signed a quantity of
>blank pages and left them lying about. It is _your_ responsibility
>to protect your signature. Essentially, if the user has some means
>of revoking the key pair even after losing it, and there genuinely is
>no practical way for a third party to steal his private keys, I don't
>see the problem with just regarding all pre-revocation signatures
>as binding.
>


For me this depends on the assurance that I have that my signature key is
properly protected.  If the secret component of my signature key is
downloaded onto the card rather than generated on it under my control, then
this component can in principle be replicated by someone else.  While this
possibility exists I cannot see how it is possible to distinguish between a
situation in which I leak the key and one in which someone else leaks the
key.  I would agree that, if the only possible source of a key compromise is
me, then it makes sense to make me liable.  I see this as a very good reason
for having on-card key generation since, with appropriate assurance
measures, this gives a high level of confidence that the secret key
component only ever exists in one place and also that no-one, not even the
owner, knows its value.

    Brian