In <88650932615058@cs26.cs.auckland.ac.nz>, on 02/04/98 at 01:35 AM, pgut001@cs.auckland.ac.nz (Peter Gutmann) said:
The implications of that last point can be quite serious. Take for example the Utah digital signature act, which was used as a model by a number of other states who implemented or are implementing digital signature legislation. Under the Utah act, digitally signed documents are given the same evidentiary weight as notarised documents, and someone trying to overcome this has to provide "clear and convincing evidence" that the document is fraudulent, which is difficult since it bears a valid signature from the user's key (this fact has been used in the past to criticise digital signature laws based on this act). In addition, under the Utah act and derived acts, anyone who loses their private key bears unlimited liability for the loss (in contrast, consumer liability for credit card loss is limited to $50). This leads to the spectre of a malicious attacker who has the ability to issue notarised documents in your name for which you carry unlimited liability. This is a lot more important than someone reformatting your hard drive, or stealing last month's sales figures.
I have raised concerns in the past over the rush to pass Digital Signature Laws in various states. These laws have not been well thought out nor did they stand the rigors of peer-review of the crypto community before they were passed into law. IIRC one of the states considered *encryption* alone to be a *legal* signature!!!

I will not be using digital signatures for anything other than authentication of messages. For legal documents I will stick to the old-fashioned pen and paper with witnesses and a notary.

Just as a side note: Micro$loth is unfit to secure an outhouse let alone something as important as network and data security (are these fools still claiming C2 for NT?). I have never seen such overwhelming incompetence and complete arrogance than what is centered in Redmond (IBM may be arrogant but at least they are technically competent).

--
---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
---------------------------------------------------------------

Tag-O-Matic: Windows? WINDOWS?!? Hahahahahehehehehohohoho...