On 12/18/2008 01:09 PM, Kyle Hamilton:
Why does everything have to have an explicit 'threat model' before cryptography can be applied? In my view, cryptography is useful for MUCH more than just "protecting against potential attack".
Kile, I think that's correct and the protection/confirmation/assurance you are seeking are perfectly valid reasons for signing. By no means must signing a document have always military-style, executable legal implications. Intend and content matter in such cases.
I'm signing my mail usually in order to confirm that it's from me and that it wasn't modified. I usually also take care that I can stand behind what I write and would dispute something taken out of context or that an email would bind me legally in a similar way an explicit contract would. For such I write contracts (which I may eventually sign digitally too).
I this context I believe that a signature with a Class 1 certificate would certainly have no legal meaning, whereas Class 2 or higher might have if used in the corresponding context (sorry for freely applying StartCom jargon here). This however depends also on the local legislation of course.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto