on the term `signature'
Consider the term `signature' in the conventional connotation of a handwritten scrawl. What are the *critical* properties of a handwritten signature of a person [x]? 1) no person [y] can `forge' the signature of [x] 2) the signature of [x] is unique to [x] Look closely at (2). What value would `signatures' have in our society if they could not be traced to unique individuals? Virtually everyone here will probably say `no problem' but this aspect is a very critical aspect of the legal basis for signatures as a certificate of identity. If a person cannot be traced based on their digital signatures, where is the accountability? What if a person signs a document with a `digital signature' and *breaks* that contract? you have no recourse unless the identity is ultimately identifiable and you can take `that body' to court. This `two way street' is the crucial ingredient for the legal value of handwritten signatures. A person can indicate they consent to an agreement or certify something as genuine originating from themselves (one way). But on the other hand, if the agreement is broken or there is some question of authenticity *independent* of the signature (i.e., suppose someone has broken the signature security) there is recourse in retracing the path back to the original signer (the other way). Many here are championing that the loss of (2) with `digital signatures' and completely untracable identities is `liberating'. But there is a price to pay, perhaps very great. It is simply an unworkable system anywhere serious accountability is required (such as related to a job, etc.) Sure, if all people want to do is get into twisted debate contests, the absence of (2) certainly encourages it (speaking from experience). Because digital signatures alone are not really strictly analogous to written signatures because of the lack of property (2) above, perhaps a better term would be `identification tag'. Adding the guarantee that a given signature can be traced back to a human entity, with the use of a database or otherwise, makes them truly `digital signatures'. please cc: me in any replies.
L. Detweiler () writes:
Consider the term `signature' in the conventional connotation of a handwritten scrawl. What are the *critical* properties of a handwritten signature of a person [x]?
1) no person [y] can `forge' the signature of [x] 2) the signature of [x] is unique to [x]
Well (2) is untrue since I know people who can forge signatures with great precision (even my own). Since we're going for an ideal Brave New Cyberspace where forging ids is impossible, I've got some suggestions. These should make you very happy: 1) Phase out handwritten signatures in society and switch to finger prints, retinal scan, and DNA codes. Whenever you sign anything, the store/business/ govt office will require a blood test (for DNA), retina scan, and finger print. With today's technologies, these can be made painless and quick. 2) Require everyone to have a global positioning tracker installed under the skin so they are "accountable" at all times. This worked great in demolition man. 3) Mandatory caller-id, video-id for everyone. No one should be able to make calls without the other person knowing who you really are. Payphones should have finger print/retinal scanners for verification. 4) all new computers should come equipped with finger print recognizing keyboards. No more spoofed messages posted on people who leave their terminals accidently logged in (in the computer lab) 5) get rid of cash! we can't have unaccountable transactions taking place in the economy. Banish the free market. Nationalize all businesses under NSA control.
If a person cannot be traced based on their digital signatures, where is the accountability? What if a person signs a document with a `digital signature' and *breaks* that contract? you have no recourse unless the identity is ultimately identifiable and you can take `that body' to court.
Get a clue for god's sake. Digital signatures won't exist in a vacuum. No one is going to accept the validity of a signature unless it is signed by some trusted/certified authority and that authority would be liable for the person's true name or actions. This is exactly how Apple's new DSA system works. I'm starting to think someone is pseudospoofing you because your posts have become so idiotic it reads like a satire. Are you really the same person who wrote the anonymity faq? -- Ray Cromwell | Engineering is the implementation of science; -- -- EE/Math Student | politics is the implementation of faith. -- -- rjc@gnu.ai.mit.edu | - Zetetic Commentaries --
-----BEGIN PGP SIGNED MESSAGE----- In a list message, Ray Cromwell wrote:
Get a clue for god's sake. Digital signatures won't exist in a vacuum. No one is going to accept the validity of a signature unless it is signed by some trusted/certified authority and that authority would be liable for the person's true name or actions.
This is exactly how Apple's new DSA system works.
Actually, not. Apple's PowerTalk environment uses persona certificates right now, although entities may buy RSA's Safekeeper boxes ("tamperproof" titanium key generators) to generate actual warranted keys. All a persona certificate says is that key X belongs to person Y. No warranty, express or implied, is granted. If I have a persona certificate, say, from Dun & Bradstreet, all D&B is claiming is that the key on that certificate belongs to *me*. They could potentially be liable if the key actually belonged to someone else, but they wouldn't be liable if I used that key to embezzle $10M from the EFF Digital Credit Union. - -Paul - -- Paul Robichaux, KD4JZG | Caution: cutting edge is sharp. Avoid contact. Intergraph Federal Systems | Be a cryptography user - ask me how. ** Of course I don't speak for Intergraph. ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLMvSqSA78To+806NAQEiaQQA5GufDI2U3MOLL9r4APbukz8GZeP3rEkQ X8NIuOkihCz3DXbllyneUFaIxKuZ9RJdOFswypDIdQMNPvNACXysYpCv++/dQt5/ Lrn93pv66ksh4AaDo69EfvCHnMJd4CkJWMx37z11sXHfl+JvAIFp5VAKfgNNvmn5 zsY8fpg9dsI= =ohfr -----END PGP SIGNATURE-----
participants (3)
-
L. Detweiler -
paul@poboy.b17c.ingr.com -
rjc@gnu.ai.mit.edu