Electronic journals and secure signatures

Edward J. Huff huff at mcclb0.med.nyu.edu
Thu Mar 11 18:20:12 EST 1993


In article <1993Mar10.213955.209 at news.columbia.edu>,
dan at cubmol.bio.columbia.edu (Daniel Zabetakis) wrote:
> 
> In article <huff-100393131509 at pgl6.chem.nyu.edu> huff at mcclb0.med.nyu.edu (Edward J. Huff) writes:
> >In article <1993Mar6.172540.27349 at news.columbia.edu>,
> >dan at cubmol.bio.columbia.edu (Daniel Zabetakis) wrote:
> >>    The point is that you can't take computer communications too seriously.
> >> What about forged mail and news articles? This is trivially easy for
> >> many people. I could forge an abstract from some famous lab with a suprising
> >> or humorous result. You just can't depend on computer communications to
> >> be authoritative.
> >
> >Take a look at sci.crypt, RIPEM Frequently Asked Questions,
> >available on your local usenet server, or from rtfm.mit.edu in
> >directory /put/usenet/sci.crypt
> >
> 
>    Might work. Especially for mail connections. But everytime someone
> suggests making usenet more authoritative on news.admin, they are drowned
> in a host of technical problems too numerous to read.
>    And we would have the additional problem of connecting our authentication
> to the outside world.
>      Is D. Baltimore on the net the same as the famous DB? Or even more
> trouble, how do you verify whether a person in his lab is really there
> or just claims to be?
> 
>    I think electronic publishing is a useful idea, but I think we are
> some way away from it being a very serious thing.

(The above exchange was in bionet.general)

I would suggest that BIOSCI could provide a signature service for anyone
who wants to register.  Authentication requires a trusted key server, and
BIOSCI could provide the server and also could serve as the connection to
the outside world.  A signed article would contain a signature block that
can be verified by software (e.g. RIPEM) and it would contain the public
key which could be verified by comparing it to the list posted regularly in
some bionet newsgroup.  BIOSCI would only post the public keys which is has
independently verified,
e.g. by telephone or by mail.

Ok, I haven't actually fetched RIPEM and tried it, but I could easily
imagine running it against this article and appending a signature block and
my claimed public key.  Most people wouldn't bother checking (although
newsreaders containing RIPEM code could verify that the signature matches
the claimed publick key).  Maybe next week, well, maybe next year...

Probably, the most serious problem is the possibility that someone could
break into my computer and steal the private key. 

I read the other articles about electronic publishing, and no doubt there
are many other problems more important than authentication.  However, as
more people use online searching capabilities, the advantages of online
publication will become more obvious.  Guess I really should unstuff
TurboGopher and try it...

Using signed articles and newsreaders that check signatures would
completely prevent undetected modifications.

--
Edward J. Huff   huff at mcclb0.med.nyu.edu   (212)998-8465
Keck Laboratory for Biomolecular Imaging
NYU Chemistry Deptartment, 31 Washington Place, New York NY 10003
Posted from the new Mac NewsWatcher 1.3d5



More information about the Jrnlnote mailing list