Security and Privacy (CITS3231) - Tutorial 5

(for the week commencing Monday 14th October 2008)

1. What benefits are there, if any, to self-signed digital certificates?

2. Everyone is all too familiar with spam-email. Not only is it annoying to receive, it consumes network and computer system resources at virtually no cost to the sender. While the Internet remains a "receiver-pays" environment, and while we generally wish to receive email from "reasonable" sources, effort must be expended by the receiver of spam to reduce it.

   Despite the long known advantages of the basic cryptographic building blocks, such as message digests, digital signatures, and digital certificates, none have been effectively employed in eliminating spam. In particular, we remain a long way from the day when all email senders and receivers can authenticate their exchanges using public-key cryptography. Moreover, significant changes to the Internet charging structures, such as "receiver pays, except for email" are probably intractable.

   Devise a scheme, employing one or more of the basic cryptographic building to thwart the senders of spam (implementation is left as an exercise).

3. What possibilities exist for the use of the standard cryptographic building blocks to secure and limit the use of software and digital media, distributed over the web?

   Are perfect solutions possible? If not, to what extent do you think they are feasible?

Chris McDonald