dna ink

Eric Hughes eric at remailer.net
Tue Feb 7 11:28:01 PST 1995

   From: "Perry E. Metzger" <perry at imsi.com>

   Digital "signatures" are the first real unforgeable authentication
   technology mankind has developed.

Impossibility is a pretty strong concept, and here, as elsewhere, it's
an exaggeration.  Digital signatures are not unforgeable.  If you
steal the private key, you can forge signatures.  The unforgeability
is exactly as great as the strength of the container where the private
key lies.  The issue of incarnation, if you will, is perhaps the
single most important issue for actual deployment.

It's a matter of economics.  The cryptographic barrier is
insurmountable, but it's not the only barrier.  So don't try to breach
the cryptography; try to breach one of the other elements of the

[Perry, I promise it's not personal; it just _seems_ like I'm
nit-picking on everything you write this week.]

A remark on the meaning of forgery.  Let me rewrite what Perry said:

   Digital "signatures" are the first authentication technology
   mankind has developed where forgery is impossible to detect.
An indistinguishable signature can still be a forged signature.  A
forged signature is one that is made by the wrong person.  If the
wrong person gets the private key, signatures made by that person are
forgeries, even though nobody can tell them apart.

This point is not merely pedantic.  The concept of forgery adheres to
the person committing the act, not the act itself.  A piece of data
which presents itself as a signature, but which does not pass the
verification process, is not a forged signature but an invalid one.

The external inability to distinguish proper digital signatures from
forged ones has profound effect on the legal interpretations of the
physical signing device (hardware+software).  I wish only to point
this out and leave discussion to another thread.


More information about the cypherpunks-legacy mailing list