Tony Finch wrote:
On Wed, 20 Feb 2008, Philip Newton wrote:
The problem is that a forged signature does *not* record the assent of
the purported signer, and that you can't tell them apart if all you
have is a digital document that was supposedly scanned in from a piece
of paper.
Right. If you dispute the legitimacy of a forged contract, and you can't
resolve the problem with the other parties, then it becomes a matter for
the civil or possibly criminal courts. This is not a problem of computer
technology or telecommunications technology: you can also forge
paper-and-pen documents. This is why signatures on important documents
have witnesses, so that there are disinterested third parties who can
stand up in court to say what actually happened.
I know, let's prop up an insecure, inefficient system which invites fraud and
forgeries with lots of laws and courts and laywers and notaries. Rather than
fix the security hole, we'll just make exploiting it illegal. Because if you
make it illegal then it goes away. THAT ALWAYS WORKS!
Let's also ignore the consequences of international business deals where it's
nigh impossible to verify a reliable witness and also muddy up the legal
situation with multiple jurisdictions.
While we're at it, let's set up businesses so they have no idea how to use the
cryptographically secure system. [1] Throw in some FUD about the ambiguous
legal status of digital signatures for good measure.
[1] In this case, a domain registrar. So it's not like they don't know these
computery things.
--
You know what the chain of command is? It's the chain I go get and beat you
with 'til you understand who's in ruttin' command here.
-- Jayne Cobb, "Firefly"
