At 08:25 AM 7/19/2004, Jerrold Leichter wrote:

A traditional "notary public", in modern terms, would be a tamper-resistant
device which would take as inputs (a) a piece of text; (b) a means for
signing (e.g., a hardware token). It would first present the actual text
that is being signed to the party attempting to do the signing, in some
unambiguous form (e.g., no invisible fonts - it would provide you with a
high degree of assurance that you had actually seen every bit of what you
were signing). The signing party would indicate assent to what was in the
text. The notary might, or might not - depending on the "means for signing" -


note that some of the online click-thru "contracts" have been making an attempt to address this area; rather than simple "i agree"/"disagree" buttons ... they put little checkmarks at places in scrolled form .... you have to at least scroll thru the document and click on one or more checkmarks .... before doing the "i agree" button. a digital signature has somewhat higher integrity than simple clicking on the "i agree" button ... but wouldn't subsume the efforts to demonstrate that a person was required to make some effort to view the document. Of course in various attack scenarios ... simple checkmark clicks could be forged. However, the issue being addressed isn't a forging attack ... it is a person repudiating that they read the T&Cs before hitting the "I agree" button.

With the depreciating of the "non-repudiation" bits in long ago and far away manufactured certificates (which has possibly absolutely no relevance to the conditions under which digital signatures are actually performed) .... there has been some evolution of "non-repudiation" processes. An issue for the "non-repudiation" processes is whether or not the person actually paid attention to what they were "signing" (regardless of the reason).

An issue for relying parties is not only whether or not there was some non-repudiation process in effect, but also whether the relying party has any proof regarding a non-repudiation process. If there is some risk and/or expense associated with repudiation that might occur (regardless of whether or not it is a fraud issue), then a relying party might adjust the factors they use for performing some operation (i.e. they might not care as much if it is a low-value withdrawal transaction for $20 than if it was a withdrawal transaction for $1m).

some physical contracts are now adding a requirement that, in addition to signing (the last page), people are also required to initial significant paragraphs at various places in the contract.

--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
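
An added illustration, not part of the original message: a sketch of how a relying party could keep evidence of the per-section acknowledgement process described above and weigh it against the transaction value. The record layout, function names, sample text and the 10,000 threshold are assumptions; signing and verifying the bytes from `bytes_to_sign` with the person's token is left outside the sketch.

```python
import hashlib
import json

# Constructed sample document: three sections of terms.
SECTIONS = ["1. Fees are due monthly.", "2. Liability is limited.", "3. Either party may terminate."]

def h(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def build_assent_record(sections, acknowledged):
    """Signer side: record which sections were individually ticked ("initialled")."""
    return {
        "document_sha256": h("\n".join(sections)),
        "sections": [
            {"index": i, "sha256": h(s), "acknowledged": i in acknowledged}
            for i, s in enumerate(sections)
        ],
    }

def bytes_to_sign(record):
    """Canonical encoding, so the signature covers the acknowledgements too."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def relying_party_check(record, sections, amount, threshold=10_000):
    """Return (accept, reason). Assumes the signature over bytes_to_sign(record)
    has already been verified; threshold is a hypothetical policy value."""
    if record["document_sha256"] != h("\n".join(sections)):
        return False, "record does not cover this document"
    entries = record["sections"]
    if [e["sha256"] for e in entries] != [h(s) for s in sections]:
        return False, "section hashes do not match"
    missing = [e["index"] for e in entries if not e["acknowledged"]]
    # Low-value operations tolerate skipped sections; high-value ones do not.
    if amount >= threshold and missing:
        return False, f"high-value: sections {missing} not acknowledged"
    return True, "ok"

if __name__ == "__main__":
    partial = build_assent_record(SECTIONS, {0, 2})
    print(relying_party_check(partial, SECTIONS, 20))
    print(relying_party_check(partial, SECTIONS, 1_000_000))
```
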


---------------------------------------------------------------------
The Cryptography Mailing List