Re: Should IETF do more to fight computer crime?

[Jacob Palme]

At 18.28 +0200 0-05-22, [EMAIL PROTECTED] wrote:
>I would hope that any software I use, that is able to put
>my digital signature on some data, would ask me for my
>pass-phrase every time my private key is used. I would
>even hope that such software wouldn't be able to use my
>private key without the pass-phrase, otherwise anybody
>with access to my computer could easily forge my signature.

It is not easy to design encryption software which cannot
be corrupted by viruses. A virus could catch your passphrase,
and then use it itself for nefarious purposes. That is why
many people want to use smart cards. But I am not sure they
are secure. A virus could catch the communication to and
from your smart card. And developers of smart cards seem
to want to put so much functionality in the card itself,
that it becomes open to viruses in itself.

-- 
Jacob Palme <[EMAIL PROTECTED]> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/