I've just been reminded of Stefan's post that Microsoft are looking at blinded signatures. To add to that, I've heard related rumours. Firstly, that they are planning to introduce some sort of generic blinding signature technology in the (northern) summer browser release ("Longhorn"). That is, your IE will be capable of signing for you when you visit your bank.
Now, anyone who's followed the travails and architectural twists and turns of the Ricardian contract - with its very complete and proven signature concepts - will appreciate that this is a hard problem. You don't just grab a cert, open a document, slap a sig on it and send it off. Doing any sort of affirming signature - one where the user or company is taking on a committment or a contract - is a serious multi-disciplinary undertaking that really challenges our FC neurons to the full. Add that to Microsoft's penchant for throwing any old tech into a box, putting shiny paint on it and calling it innovation, and I fear the worst.
We shall see. Secondly, buried in another area (discipline?) totally, there is yet another set of rumours in interesting counterpoint. It appears that Microsoft is under the bright lights of the Attornies General of the US of A over spyware, malware, and matters general in security. (Maybe phishing, I wasn't able to tie that one down.) And this time, they have the goods - it appears that not only is Microsoft shipping insecure software, which we all knew anyway, but they are deliberately leaving back doors in for future marketing purposes, and have been caught in the act.
Well, you know how these rumours are - everyone loves to poke fun at big guy. So probably best to write this lot down as scurrillous and woefully off the mark. Or I hope so. I fail to see how Microsoft are ever going to win back the confidence of the public if they ship signing tech with an OS full of backdoors. What do we want to sign today?Posted by iang at May 12, 2005 06:59 PM | TrackBack