1 / 10

Can PKI be made simple enough to be used by non-experts? Signature formats and context

Can PKI be made simple enough to be used by non-experts? Signature formats and context. Antonio Lioy ( lioy @ polito.it ) Politecnico di Torino Dip. Automatica e Informatica. User expectation. Yes, if you use card X with reader Y via application W … and you own a QC from provider Z!.

mirra
Download Presentation

Can PKI be made simple enough to be used by non-experts? Signature formats and context

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Can PKI be made simple enoughto be used by non-experts?Signature formats and context • Antonio Lioy • ( lioy @ polito.it ) • Politecnico di Torino • Dip. Automatica e Informatica

  2. User expectation Yes, if you use card Xwith reader Yvia application W… and you own a QC from provider Z! Is it possibleto create an interoperable signed e-document?

  3. User perception • perceived difference between signature and document • “electronic signature? wonderful, so I can e-sign a blank e-document …” Antonio Lioy

  4. ETSI work • ETSI TS 101 733 (version 1.4.0) • builds on other standards: • RFC-2630 [CMS] Cryptographic Message Syntax • RFC-2634 [ESS] Enhanced Security Services • great richness of options • current work towards a simplification … • … while retaining richness of expressivity

  5. ES-C ES-T Electronic Signature (ES) complete certificate and revocation references timestamp over digital signature signature policy ID other signed attributes digital signature ETSI ES formats plus the ES-X formats …

  6. Timestamping • attestation of signature time is important • e.g. to check that certificate is not revoked • attestation can be: • contained inside the document itself (e.g. TST) • provided externally (e.g. by the receiving system)

  7. WYSIWYS • What You See Is What You Sign • highly desirable • it’s a matter of the application developers • do we really need it? let’s compare it to fine prints in paper documents …

  8. SSCD • Secure Signature Creation Device • better known as “smart-card” • should be a solution to the problems of secure key storage and signature creation … • … but too often it is THE PROBLEM for the user • it’s a complex problem (card, reader, API, application) … but we managed it in GSM!

  9. signed data document document documentdata document signature signature signature envelopingsignature envelopedsignature detachedsignature Signed document formats

  10. Conclusion Have e-documents to be more securethan paper documents? We run the risk to kill the ideawhile looking for the perfect solution.

More Related