On Wednesday 01 June 2005 15:07, [EMAIL PROTECTED] wrote:
> Ian G writes:
> | In the end, the digital signature was just crypto
> | candy...
>
> On the one hand a digital signature should matter more
> the bigger the transaction that it protects. On the
> other hand, the bigger the transaction the lower the
> probability that it is between strangers who have no
> other leverage for recourse.

Yes, indeed! The thing about a signature is that *it* itself - the mark on paper or the digital result of some formula - isn't the essence of signing. The essence of the process is something that lawyers call "intent" (I'm definitely not clear on these words so if there are any real lawyers in the house...). And, when the dispute comes to court, the process is not one of "proving the signature" but of showing intent.

And as the transaction gets bigger, the process of making and showing intent gets more involved, more complex. So it is naturally ramped up to the transaction, in a way that digsigs just totally miss out on.

Which means that the digital signature school got it completely wrong. A digital signature is only "just one more" element in a process that is quite complex, involved, and goes back into history more years than we can count. It is therefore completely unlikely that a digsig will ever replace all that; however it is quite possible that a digsig could comfortably add a new element to that process. (Speaking here of common law, which is not universally applicable...)

> And, of course, proving anything by way of dueling
> experts doesn't provide much predictability in a jury
> system, e.g., OJ Simpson.

And this is where we found for example the OpenPGP cleartext digital signature to be the only one that has any merit. Because it can be printed on paper, and that piece of paper can be presented to the jury of an O.J. Simpson style case, or even a Homer Simpson style case, this carries weight. An OpenPGP clear text signature carries weight because it is there, in black and white, and no side would dare to deny that because they know it would be a simple matter to go to the next level.

But any other form of non-printable digital signature is not "presentable" to a jury. What are you going to do? Throw a number in front of a jury and say it's a signature on another number? It's a mental leap of orders of magnitude more effort, and there are many ways the "other side" could sidestep that.

iang

PS: To get this in x.509, we coded up cleartext sigs into the x.509 format.
--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]