[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RSA in new Apple product�RSA in new Apple product
- To: [email protected]
- Subject: RSA in new Apple product
- Subject: RSA in new Apple product
- From: [email protected]
- Date: Sat, 2 Oct 93 12:13:56 -0500
- Comments: This message DID NOT originate from the address listed inthe From line. It was remailed by an automated remailing serviceoperating at that address. Please report problems by mailing to<[email protected]> with the subject header of PROBLEM.
- Remailed-By: Anonymous <[email protected]>
From a discussion of Powertalk in TidBITS#195/27-Sep-93, an online zine
published by "Adam C. Engst" <[email protected]>:
------------------- forward ---------------------------------------
Key Chain
The Key Chain is the third new Desktop icon and perhaps the most
important PowerTalk feature. It provides quick, transparent access
to any number of password-protected servers or services through a
single system-wide logon password. All applications and services
are integrated with a single security model. For every service,
the user creates a key. Each key has account information,
communications settings (such as. modem settings, addresses, and
system identifiers), and an encrypted password. After this one-
time setup, the user attaches the key to the Key Chain and can
forget the password. From now on, the system will automatically
and transparently connect to the protected service when needed.
Apple feels that this mechanism is especially secure since a user
will find it easier to remember a single, frequently-used password
and will be less likely to write down a list of passwords. At any
time, you can lock the Key Chain by issuing a command or through
an inactivity time-out. When the Key Chain locks, all windows
containing information from protected services are hidden.
Apple claims that PowerTalk is more secure than most other off-
the-shelf software solutions since those use less secure
algorithms to avoid export restrictions. Apple is the first
company to receive an export license for a DES-based product.
A new "I am at..." menu item (e.g. Home, Office, Car, Hotel) lets
the system know which services are accessible and automatically
resets communications settings for Ethernet, modem connection,
packet radio, etc. so the system can continue to transparently
establish connections over available media.
A PowerTalk server can act as a trusted party in establishing
authenticated communications across the net. Network traffic is
encrypted with the RC4 algorithm of RSA and delivered via ASDSP
(Apple Secure Datastream Protocol). ASDSP adds only about ten
percent to the communication overhead. At least in the initial
release, peer-to-peer traffic cannot be encrypted. [Sorry for all
the acronyms! RSA is a company. -Tonya]
Digital signatures, based on RSA Public Key Encryption, provide a
secure way of ensuring data has not been altered and was signed by
a particular person. The mechanism is similar to Kerberos [a
security system developed at MIT -Adam], which was not mature
enough at the critical point in PowerTalk development. Apple
anticipates supporting Kerberos in a future PowerTalk release.
To sign a document, simply drops it on a Signer icon. A prompt for
the personal signer code then appears on the screen. If the
content of the signed document later changes in any way, the
signature becomes invalid. While being signed, a file
automatically is locked to avoid inadvertent invalidation. The Get
Info window of a signed file is used to uncheck the file lock, and
it contains a Verify button with which the recipient can assert
the integrity of the file and authenticity of its signature.
Large companies can become trusted signature issuing agents for
their employees by obtaining a titanium blackbox with key
interlocks from RSA. The box contains a certain number of key
combinations and can be connected to a Macintosh which runs an
RSA-signed signature issuing application. Individuals can acquire
a personal signature code through a notary. RSA always is at the
root of the issuing process and signatures expire after two years.
The issuing cost of a digital signature runs about $25.
One limitation of the signature mechanism, at least in the initial
implementation, is that only one signature can be attached to a
document. This may be worked around by designing forms such that
each signatory vouches for the authenticity of the previous
sender's signature.
For an APS price list, send email to: <[email protected]>
For information on TidBITS: how to subscribe to our mailing list,
where to find back issues, how to search issues on the Internet's
WAIS, and other useful stuff, send email to: <[email protected]>
Otherwise, contact us at: [email protected] * CIS: 72511,306
AppleLink & BIX: TidBITS * AOL: Adam Engst * Delphi: Adam_Engst
TidBITS * 1106 North 31st Street * Renton, WA 98056 USA
----------------------------------------------------------------