At 11:14 AM -0800 11/16/00, Ray Dillinger wrote:
According to current law in all nations (as far as I know), identity is meat. One person has one identity, and the identity is persistent and lifelong. All law is based on this assumption.
Not so fast. Corporations sign legally-binding contracts every day. Institutions enter into leases, contracts, agreements, and other legally-binding arrangements. And the issue of their "identity" is not a matter of _meat_. We don't absolve Boeing of contracts because the guy who signed a contract, or even the N guys, are dead. Q.E.D., signatures are more than just meat. And Boeing's _identity_, vis-a-vis things it signs, is more than just meat. Usually we say that Boeing's signing officers/authorities, those who enter the signatures on relevant documents, are authorized to do so by Boeing. There is much case law about all of this, I'm sure. (I've read anecdotal reports about how corporate mergers involve large teams of lawyers and officers of all parties signing a blizzard of documents, and in carefully controlled order so as to minimized chances for deadlock or fraud. A complicated protocol, one which crypto may _someday_ be part of.) A guy somewhere in Boeing who uses his PGP signature on some document is neither assumed automatically to be committing Boeing to some contract ("...it depends") nor would his death (the meat is gone) mean that Boeing is free to ignore some contract ("...it depends"). I'm obviously not a lawyer. Some here are. But this is still a specialty area. Moreover, this is very little relevant case law. Schneier's warnings are useful, but, as others have said, is obvious to nearly anyone. We on this list began talking about this issue in 1992. There will be much case law, much role for the crypto equivalient of "handwriting experts," as the years go by. And we can expect a spectrum of signing technologies and strengths. For example, the mundane auto-signing which someone may use for their e-mail is substantially less persuasive ("probative," I think the lawyers would say) than an ultra-high-security, backed-with-a-bond key which Boeing's Legal Department uses to digitally sign sensitive papers. I believe Greg Broiles is still working for Signet Assurance, www.sac.net, which is one company tackling parts of this problem. Whether they will be a dominant player is of course unknown to me. Anyway, lots of issues. But "meat" is one of the least important issues. --Tim May -- (This .sig file has not been significantly changed since 1992. As the election debacle unfolds, it is time to prepare a new one. Stay tuned.)