> crypto non-repudiation can show it came from your machine

I certainly agree with this, but you can restrict what "your machine" is so that it's a lot better than just "came from a particular PC" or "came from a particular mainframe". For example, the private key may be stored in something you carry and control yourself, like a smart card or cell phone (maybe even the secure enclave in the phone), and digital signatures can be computed in that same device. The smart card can be PIN-protected, and similarly a cell phone can require authentication. This isn't 100% secure, but it's not bad in most cases - there are several possible attack vectors, but they generally aren't easy.

On the mainframe, of course, you can use something like RACF to control access to / use of the private key. Again, not perfect by any means, but not bad.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN