Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)

Peter Wayner pcw at flyzone.com
Fri Nov 17 05:46:19 PST 2000



Schneier's piece does a good job of listing some of the problems with 
digital signatures, but he really throws the baby out with the 
bathwater when he concludes that "Digital signatures aren't 
signatures." This has been his habit lately. The book _Secrets and 
Lies_ is filled with plenty of hand-wringing about how no computer 
security system is ever going to be good enough.

The standards he applies to digital signatures are much too severe. I 
think that even pen-and-ink signatures wouldn't pass, a conclusion 
that would lead to the strange sentence, "Signatures aren't 
signatures and they can't fulfill their promise."

The law is very vague about the definition of signatures. It's simply 
a mark that is made with the intent of binding yourself to a 
contract. That means the old 'X' scratched on a piece of paper can 
still bind the illiterate. Mathematicians and computer security folks 
will probably recoil in horror about the circularity of the whole 
scheme, but that's the best the law could develop during the 
pen-and-ink years.

It is certainly possible to concentrate upon the ways that digital 
signatures can fail. Anyone who finds out the secret key can forge 
signatures with impunity. Anyone who hacks into a system can sneak 
things past a signer. But these techniques can also work with 
pen-and-ink signatures. Kids frequently learn to forge their parents' 
signatures on notes, tests, and permission slips. Skilled forgers can 
be quite adept. Most managers develop a stupid quick scrawl that is 
simple to copy.

Pen-and-ink signatures are also easy to abuse. You can trace another 
signature. You can use a projector to place an image of the signature 
on a paper for tracing. You can cut and paste the signature using 
scissors and glue before you photocopy the paper. The opportunities 
are easy to exploit. To put it as Bruce does, a pen-and-ink signature 
does not authenticate the link between Alice and the paper.

To make matters worse, pen-and-ink signatures do not preclude someone 
from changing the inside of a contract. That's why each side of the 
deal keeps a copy. If one copy disappears, though, all bets are off. 
Anyone can insert pages, replace pages, and generally create mayhem. 
At least digital signatures are not this easy to subvert.

There is a well-established network of signature experts who testify 
in court. While I guess it's sad that digital signatures will lead to 
a similar cadre of professional expert cryptographers, I'm not 
willing to simply state that digital signatures shouldn't be 
considered signatures. Unfortunately, this can be all that we have 
sometimes.
-- 
--------------------------
Tune to http://www.wayner.org/books/ffa/  for information on my book 
on Free Software.




