The program was disgracefully badly researched in respect of its
statement that 128 bit (i.e. full-strength) SSL (the basis of HTTPS)
is not available in Australia. If Quantum had researched this
properly, they would have had a true and far richer story. Imagine
how Brisbane programmer Eric Young feels about his taxation dollars
funding a program which states so clearly that full-strength SSL is
not available in Australia!

Eric Young's SSLeay library of C code is well respected and available
free of financial and export law restraints. It is the basis of
secure web servers the world over, and now has been integrated with
the Netscape Navigator code to produce the source and binaries for
a full strength crypto web browser for Windows and Linux.

A central aspect of the crypto debate is that the bulletproof
encryption can be achieved entirely in software and that knowledge
of how to do this is not locked up in any one country.

While the explanation of public key crypto was not too bad, their
use of the term "digital signature" was generally totally
misleading. The private key is what you use to digitally sign
things - so you create your digital signature when you want to,
signing text documents as you desire. The signature is not secret.
The private key must be kept secret.

There was not enough emphasis on the central crypto arguments about
government access to keys. They should have stated that no one can
stop serious criminals using full strength encryption, so the
central question is what is there to be gained by forcing law abiding
members of the public to avoid its use and to give the government the
ability to decipher their communications?

The explanation of smart-cards storing the key and doing the signing
on chip was good. What should have been added is that the key should
be generated on the chip and that the chip should be physically
incapable of exporting the private key, or having that key survive
attempts to physically probe it.

The highlight for me was catching a glimpse of an original copy of
the Walsh Report (I presume that's what it was) on Gerard Walsh's
desk!

It would have been interesting to see the Enigma machine in operation
- and do viewers really need to be reminded that Hitler was a baddie
with those goosestepping troops?

In the time available, the core issues of government access to keys
could have been explored. SSLeay should have been discussed and
indeed celebrated - it is a significant development in the history of
the availability of cryptography. Digital signatures and
authentication could have been better explained, and so could the use
of smart-cards. At least they should have shown a digital signature!
The concepts of key-pair, digital signature, certificate and of
certification authorities could have been explained - with proper
graphics and voice-over, you can do this stuff very well in fewer
words than with plain text.

(There's a crypto tutorial at
http://www.ozemail.com.au/~firstpr/crypto )

I find it intensely frustrating that programs such as this waffle
around in the middle. Not enough concrete material so people
actually understand things. Not enough big-picture material, such
as discussing the central crypto GAK debate. Getting important facts
and explanations totally wrong . . . all while no effort has been
spared on stupid sound effects for things that have no sound, and on
distracting and irrelevant images. For instance they talk about an
Active X (i.e. Windows) attack on "Quicken" and then show the Mac
version of the program!

There should have been mention of the government's contentious
Gatekeeper proposals too.

There's so much more that you can do with a 25 minute animated gif!

I used to read New Scientist - but it is like an animated-gif these
days too - full of distracting, ugly and irrelevant graphic images,
whilst reporting things relatively shallowly in a gee-whiz fashion
with little or no criticality.

In defence of animated-gifs - there are a few genuinely informative
ones.

http://www.commbank.com.au/CommonImages/CBA-Logo.gif
explains the astronomical basis of the Commonwealth Bank's
enigmatic corporate symbol.

- Robin

===============================================================
Robin Whittle     rw@firstpr.com.au   http://www.firstpr.com.au
                  Heidelberg Heights, Melbourne, Australia

First Principles  Research and expression: music, Internet
                  music marketing, telecommunications, human
                  factors in technology adoption. Consumer
                  advocacy in telecommunications, especially
                  privacy. Consulting and technical writing.

Real World        Electronics and software for music: e.g.
Interfaces        the Devil Fish mods for the TB-303.
===============================================================