I ain't got that much schooling in these here matters, but it seems to me that in terms of the agreements, online agreements are pretty slacking when it comes to verifying that the end user actually read the document. Most agreements online take advantage of the fact that a user is going to skip reading the document and jump straight to the "Agree" button. If the end user insists on e-signing a document without having read it it is there perogative, but I think there should be a better system in place to insure that they either read it or that they did not read it but agree anyway. Something along the lines of timers (set to an average number of minutes it takes to read the average contract), a keyword in the document itself that forces the user to peruse the document to find the keyword, or at least force the user to type "Agree" rather than just click a button. But hey, realistically speaking, I doubt there is much enforcement going on regarding these online contracts. Do we want the Federale involved in how these contracts are designed or is the industry going to self police? CW -----Original Message----- From: owner-cypherpunks@ssz.com [mailto:owner-cypherpunks@ssz.com]On Behalf Of Curt Smith Sent: Wednesday, May 29, 2002 12:21 PM To: cypherpunks@lne.com Subject: CDR: Re: When encryption is also authentication... I agree that the signer does not need to understand the mathematics or underlying technology for digital signatures to be viable. However, what good is an agreement when the parties do not know what the terms of the agreement are? A signature (digital or otherwise) generally indicates that the signer not only made an agreement, but also understood the agreement. A digital signatures must involve a conscious decision by the signer to keep their part of an agreement. I maintain that this requires user intervention to verify that the signer knew that they making an agreement - a "click of understanding" or pass phrase. Curt --- Mike Rosing <eresrch@eskimo.com> wrote: ...
Having it be "transparent" where the user doesn't need to know anything about how it works does not have to destroy the effectiveness of digital signatures or crypto. When people sign a document they don't know all the ramifications because
few bother to read all of any document they sign - most of it
won't apply as long as you keep your part of the bargin, so why bother?
The same thing should be true of digital signatures. The user shouldn't have to know a thing, other than they've made a promise they better keep or all the bad clauses really do apply, and the proof of their signature will come to haunt them. The way the digital signature works does not matter to them, and it shouldn't need to.
If digital crypto, signatures or e-cash are going to get into mass appeal, then their operations will be "magic" to the majority. And it all has to work, to 1 part in 10^8th or better, without user comprehension.
It may well take "user intervention" to create a signature, but they shouldn't have to know what they are doing.
Patience, persistence, truth, Dr. mike
===== end Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com