Smartcard Support, open system security, law, (certificate sig removed)
t.schorpp at gmx.de
Thu Aug 21 17:55:01 CEST 2003
i'm against and don't like using smartcards due to certain security flaws with
its whole system:
- it makes no sense to protect and provide electronic signatures with
strong algorithms and then use weak smartcard pins of 4-6 decimal digits,
this would be the way of the german signature law (SigG) and its well known
providers regtp (the old bundespost), bmi, tuvit, d-trust...
- the cards and its commercial systems will be hacked, lost,
pin-compromised faster than you think.
- the reasonable use of smartcards to protect data requires protecting the
pin in an encrypted file using a strong passphrase in brain only and never to
lose on a personal high secure mobile unit or a workstation (staged
concept), i'm doing so with the insecure pin numbers of my credit and ec
for such a project we need not only open software, we would need OPEN
HARDWARE systems of intelligent mobile devices (a stupid smartcard or
usb-stick isn't that way), too.
maybe off-topic, if this discussion is going on elsewhere please let me
besides, our open systems should include the ability to handle the TWO
personal needs of today's electronic individual or organisation (juristic
persons): we need 2 personal signature/encryption keys/certificates, one
requires privacy and anonymity in electronic worlds, the second requires
acceptance at least by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL of 13 December 1999 on a Community framework for
Code 5 Part 2, says, a court has to recognize signatures even NOT approved
as "qualified" by national authorities(!).
not to mention international treaties.
that would be our chance to bridge between the nowadays separated systems,
accepted for both individual needs, otherwise commercial systems and
microsoft will lead in the future. gnupg is therefore funded in part by the
german ministry of economics to adopt later in civil "government"(?). so
politics is in here, too, don't miss it!
Key ID: 0x31E21ABA www.keys.de.pgp.net
Electronic signature is valid after importing my root certificate
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 13 December 1999 on a Community framework for
Article 5(2) in conjunction with §23 SigG "foreign products"
Products of the Microsoft Corporation handle signature trust in this
Better use open source products (Linux, etc.)
Digital Signature is valid after importing my Root Certificate by
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 13 December 1999
on a Community framework for electronic signatures
Code 5 Part 2
Products of the Microsoft Corporation handle signature trust in this case not
Better use open source products (Linux, etc.)