Stream: smart/health-cards
Topic: Tamper Proof
Nathan Bunker (May 19 2021 at 17:08):
I'm being asked to prepare a 3-5 minute technical explanation to a non-technical audience of state health department folks to explain why a VCI credential is "tamper proof". I'm looking for any help in explaining this without introducing too many concepts.
My plan is to introduce the word "digital signature" and have everyone understand that the same information issued by two different parties would have a different digital signature, and while it is possible to change the content of the information it's not possible to re-create the correct signature for the original signer. So you can be sure that the information presented is what was issued by the original issuing system.
Does anyone have a good metaphor or elevator-pitch length explanation that you have used successfully to explain the concept above?
Josh Mandel (May 19 2021 at 17:10):
I think your plan above is right. A sometimes-helpful metaphor (at a certain level of abstraction) is a "notarized document" in the physical world. But I usually try to provide just enough technical insight (as you do in your example above -- "if you try to change the contents, the signature won't match anymore. only someone in possession of the issuer's key can create a valid signature.")
Christian Paquin (May 19 2021 at 17:37):
Josh Mandel said:
But I usually try to provide just enough technical insight (as you do in your example above -- "if you try to change the contents, the signature won't match anymore. only someone in possession of the issuer's key can create a valid signature.")
It would be good to add this elevator pitch explanation, whichever emerges, to the security FAQ. There are some nice overview videos out there, but it will be interesting to have a crisp FAQ level answer. I'll think of something on my side...
Nathan Bunker (May 19 2021 at 18:24):
I love ComputerPhile and NumberPhile, they put together great videos.
Whatever I create, I'll be happy to post here and then if it makes sense to put in the security FAQ. Happy to share it wherever it makes sense.
The challenge we are having is that our community can't act on this until they understand it, and at every level there are very basic questions that are stopping people from deciding to move forward with this project.
Paul Denning (May 19 2021 at 18:33):
tamper-evident if not tamper-proof https://www.bbcapliners.com/images/temper-img.jpg
Christian Paquin (May 19 2021 at 18:48):
Nathan Bunker said:
The challenge we are having is that our community can't act on this until they understand it, and at every level there are very basic questions that are stopping people from deciding to move forward with this project.
It'd be useful to compare with existing signature deployments, e.g., "same technology that is used to authenticate web sites over https".
Last updated: Apr 12 2022 at 19:14 UTC