When encryption is also authentication...

Thu May 30 08:33:41 PDT 2002

I ain't got that much schooling in these here matters, but it seems to me
that
in terms of the agreements, online agreements are pretty slacking when it
comes to verifying
that the end user actually read the document.

Most agreements online take advantage of the fact that a user is going to
skip reading the document
and jump straight to the "Agree" button.

If the end user insists on e-signing a document without having read it it is
there perogative,
but I think there should be a better system in place to insure that they
either read it or that
they did not read it but agree anyway.

Something along the lines of timers (set to an average number of minutes it
takes to read the average contract),
a keyword in the document itself that forces the user to peruse the document
to find the keyword, or at least
force the user to type "Agree" rather than just click a button.

But hey, realistically speaking, I doubt there is much enforcement going on
regarding these online contracts.
Do we want the Federale involved in how these contracts are designed or is
the industry going to self police?

CW

-----Original Message-----
From: owner-cypherpunks at ssz.com [mailto:owner-cypherpunks at ssz.com]On
Behalf Of Curt Smith
Sent: Wednesday, May 29, 2002 12:21 PM
To: cypherpunks at lne.com
Subject: CDR: Re: When encryption is also authentication...

I agree that the signer does not need to understand the
mathematics or underlying technology for digital signatures to
be viable.  However, what good is an agreement when the parties
do not know what the terms of the agreement are?  A signature
(digital or otherwise) generally indicates that the signer not
only made an agreement, but also understood the agreement.

A digital signatures must involve a conscious decision by the
signer to keep their part of an agreement.  I maintain that
this requires user intervention to verify that the signer knew
that they making an agreement - a "click of understanding" or
pass phrase.

Curt

--- Mike Rosing <eresrch at eskimo.com> wrote:
...
> Having it be "transparent" where the user doesn't need to
know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto.  When people
> sign a document they don't know all the ramifications because

> few bother to read all of any document they sign - most of it

> won't apply as long as you keep your part of the bargin,
> so why bother?
>
> The same thing should be true of digital signatures.  The
> user shouldn't have to know a thing, other than they've made
> a promise they better keep or all the bad clauses really do
> apply, and the proof of their signature will come to haunt
> them.  The way the digital signature works does not
> matter to them, and it shouldn't need to.
>
> If digital crypto, signatures or e-cash are going to get into
> mass appeal, then their operations will be "magic" to the
> majority.  And it all has to work, to 1 part in 10^8th or
> better, without user comprehension.
>
> It may well take "user intervention" to create a signature,
> but they shouldn't have to know what they are doing.
>
> Patience, persistence, truth,
> Dr. mike

=====
end
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com