Schneier's piece does a good job of listing some of the problems with digital signatures, but he really throws the baby out with the bathwater when he concludes that "Digital signatures aren't signatures." This has been his habit lately. The book _Secrets and Lies_ is filled with plenty of handwringing about how no computer security system is ever going to be good enough. The standards he applies to digital signatures are much too severe. I think that even pen-and-ink signatures wouldn't pass, a conclusion that would lead to the strange sentence, "Signatures aren't signatures and they can't fulfill their promise."

The law is very vague about the definition of signatures. It's simply a mark that is made with the intent of binding yourself to a contract. That means the old 'X' scratched on a piece of paper can still bind the illiterate. Mathematicians and computer security folks will probably recoil in horror about the circularity of the whole scheme, but that's the best the law could develop during the pen-and-ink years.

It is certainly possible to concentrate upon the ways that digital signatures can fail. Anyone who finds out the secret key can forge signatures with impunity. Anyone who hacks into a system can sneak things past a signer. But these techniques can also work with pen-and-ink signatures. Kids frequently learn to forge their parents' signatures on notes, tests, and permission slips. Skilled forgers can be quite adept. Most managers develop a stupid quick scrawl that is simple to copy.

Pen-and-ink signatures are also easy to abuse. You can trace another signature. You can use a projector to place an image of the signature on a paper for tracing. You can cut and paste the signature using scissors and glue before you photocopy the paper. The opportunities are easy to exploit. To put it as Bruce does, a pen-and-ink signature does not authenticate the link between Alice and the paper.

To make matters worse, pen-and-ink signatures do not preclude someone from changing the inside of a contract. That's why each side of the deal keeps a copy. If one copy disappears, though, all bets are off. Anyone can insert pages, replace pages, and generally create mayhem. At least digital signatures are not this easy to subvert.

There is a well-established network of signature experts who testify in court. While I guess it's sad that digital signatures will lead to a similar cadre of professional expert cryptographers, I'm not willing to simply state that digital signatures shouldn't be considered signatures. Unfortunately, this can be all that we have sometimes.

--
--------------------------
Tune to http://www.wayner.org/books/ffa/ for information on my book on Free Software.