D. Owen Rowley writes:
From: rjc@gnu.ai.mit.edu (Ray)
L. Detweiler () writes:
Consider the term `signature' in the conventional connotation of a handwritten scrawl. What are the *critical* properties of a handwritten signature of a person [x]?
1) no person [y] can `forge' the signature of [x] 2) the signature of [x] is unique to [x]
Well (2) is untrue since I know people who can forge signatures with great precision (even my own).
However if they forged your name on one of your checks, you wouldn't take such a blase attitude to it would you?
First, they'd need to be able to get one of my checks, which if they were digital, would be as hard as getting my private key. If you're going to allow for private keys to be stolen, you may as well forget about crypto. It's like saying "what if someone stole cash out of your wallet, how would you find them and prosecute them." Cash is already relatively untracable so you argument against crypto is irrelevent. (unless you also want to make an argument against coins/dollars)
And in such a case you have an opprtunitty to prosecute them for their criminal act of forgery should you be able tpo prove it.
If someone steals one of your checks and forges a signature, how the hell are you going to catch them anyway? Unless you knew a check was stolen (in which case you'd notify the bank), your situation is hopeless. Likewise, with digital signatures, if someone gets you're private key, you simply issue a cancellation of the key and notify the digibank. The first time someone attempts to forge a signature (on a digicheck) and cash it, the bank nabs them. I make the claim that current checks can be forged by an intelligent criminal more easily than a digital one could.
Digital signature systems need to include the ability to track and succesfully prosecute criminal forgery, or digital signatures are worthless for transactiuons that require reliable accountability. IMNSHO
How do you forge a digital signature without having the private key of your victim? I think you are overlooking the obvious. I'd like the hear what your version of accountability means. Digital Cash systems protect the honest man, and only reveal an identify if you are dishonest. Detweiler's argument sounds like he wants an escrow-like system whereby if a forgery is detected, you get a search warrant and the issuing authority reveals your true name. If this is the case (identity being protected by the trust of an ecrow, not mathemtical security), Detweiler has no right to oppose clipper also.
What makes you think that the bleak vision of the future reflected in your satire above isn't exactly what the typical power/control-freak government types want to impose?
I also think it is the eventual future that "risk-fee" freaks want to impose. In order to eliminate the possibility of pseudospoofing on the net you need Draconian measures. I think the level accountability of any person should depend on the type of transaction he is engaging in and what the other person demands. In other words, it's a private matter. The average level of accountability will arise out of the sum of all those private transactions -- spontaneous order. However, unlike Detweiler, I think both accountability, privacy, and pseudonyms are compatible. I don't see any need to bring someone's True Name into it.
If a person cannot be traced based on their digital signatures, where is the accountability? What if a person signs a document with a `digital signature' and *breaks* that contract? you have no recourse unless the identity is ultimately identifiable and you can take `that body' to court.
Get a clue for god's sake. Digital signatures won't exist in a vacuum. No one is going to accept the validity of a signature unless it is signed by some trusted/certified authority and that authority would be liable for the person's true name or actions.
right, so where are the systems that certify trust and authenticity?
Well, for starters there is PGP. Then there's the Apple/RSA thingy which requires notarized documents. -- Ray Cromwell | Engineering is the implementation of science; -- -- EE/Math Student | politics is the implementation of faith. -- -- rjc@gnu.ai.mit.edu | - Zetetic Commentaries --