On Mon, 5 Feb 2007, Shachar Shemesh wrote:

Alon Altman wrote:
  What if I sign my messages with a public key, but include a statement
in the message that the signature is only for authentication purposes
only and does not serve as a commitment to anything written in the
message?

I don't know. It may work. It may not. I am not a lawyer.

It MAY be that the authentication is all it really takes to create
binding commitment. After all, if you promise me, orally, to do
something, that's a binding agreement too (for anything but buying
real-estate). The reason all contracts are not made orally is because of
deniability, which does not exist in this case. If that's the case, then
the above disclaimer can be said to be irrelevant.

Or, in short, 'it depends' and the 'legally binding' signature is as useful as a bandage on a wooden foot. At most, it makes things more complicated than they already are. That could mean increased legal fees ;-) It also means that using it exposes one MORE than not using it to legal action by an unhappy (or sick) recipient. Therefore using 'chaff' signatures with an unpublished (and changed often, like once per message) key or cert all the time can be said to reduce problems. When the time comes for litigation, you will be asked and if it's an undesirable request the answer will be 'it is not mine', but if it is your broker checking that you gave him a sell order, then it will be 'it's mine' (you can tell this because you will have saved the key used for signing the message to the broker, as opposed to the others, which will have been deleted ... - just as an example). Unauthorized persons will only be able to suspect that the message is probably signed (as are all others that you will have sent).

The goal of the 'legally binding' signature seems to be to allow legal transactions via email to proceed. Unintentionally, it has opened the way for unexpected litigation and for illegal eavesdropping and information collection (it is very easy to collect all emails with a valid signature - in the sense of valid gpg etc - as they are a small percentage of the traffic. Or were, until now, and then use them or sell them to someone who will use them).

Peter
