[openstandaarden] certipost (2)

David GLAUDE dglaudemailing at gmx.net
Sat Jul 19 23:26:16 CEST 2003 

I don't know if the real problem of certipost is standard compliance or 
accessibility from various platform, operating system, browser.

One of the issue is the link with the electronic id card... (Who is the 
certification authority? Who choosed or created the public/private key? 
Are there potential copy of my private key under somebody else control? 
When I authenticate using the electronic id card, how can I know I am 
not signing a message [it is the same PIN and same card], ...)

My problem is that we can not assume the same thing from electronic mail 
(or web form of it) than from paper mail.

With a web version, it is not because I have click on the mail or pdf 
that I was able to read it. My computer could have crash, maybe I don't 
support that format, maybe my connexion was disconnected, ... However 
certipost might assume I readed it.

If send by email, then how can one have a garantee that a mail as been 
received. There are no requirement for acknowledgment in SMTP, you don't 
have the same relyability than in X.400.

It is a lot easyer to hack my electronic mailbox than to hack my paper 
mailbox. If one break the secrecy of my paper mailbox, it is easy to 
bring him to justice, but with electronic, proof are hard to get.

For those that understand frech, I documented things mostly on those two 
wiki pages:
* http://wiki.ael.be/index.php/IdCardAnalyseCritique
* http://wiki.ael.be/index.php/IdCardQuestions

Not much on Certipost but maybe much on public key infrastructure and 
the electonic Id card.

So if don't like certipost, make sure you know why you don't like it. ;-)

David GLAUDE

Ward Vandewege wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Sorry, blijkbaar klopt de informatie van de Cursor niet volledig. Hier komt
> dat 'windows & IE only' verhaal vandaan:
> 
>   http://www.certipost.be/nl/products/certipost/specs.html
> 
> Maar er staat 'officieel' bij, m.a.w. de rest zou ook kunnen werken. Dat
> blijkt ook hieruit, waar voor Linux & Mac gebruikers het blijkbaar enkel een
> kwestie van de juiste Java versie is:
> 
>   http://www.certipost.be/nl/help/public/browsers/content.jsp?sLanguageCode=nl#1
> 
> mvg,
> Ward.

-- 
Don't let the computer/expert control the election
Information for Belgium in french: http://www.poureva.be/

More information about the Openstandaarden mailing list