This reminds me of the time I was curious if the bank even checked signatures on the checks. I signed 6 of them as "Mickey Mouse". They all cleared, except for one. That was a $20 lesson (rejected check bank fee).
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Von Fugal Sent: Friday, December 03, 2004 10:10 AM To: [EMAIL PROTECTED] Subject: Re: [uug] Free Pizza At UUG Meeting * Josh Coates [Fri, 3 Dec 2004 at 09:06 -0700] <quote> > a three year old can subvert any security based on sealing an envelope and > an ink signature is *trivially* forged by *anybody* - no education required. http://news.bbc.co.uk/2/hi/technology/3552132.stm Still think an ink signature is *trivially* forged? Sure it is for the casual inspector, but if you *really* want to know for sure, you *can* tell if it was forged. Case in point, my mom once forged my dad's signature (for convenience, my dad wasn't available) and the bank called the bluff. And it wasn't even some large amount that would raise suspicion. And incedentally, you make the point that the digital signature is *more* secure than an ink one, and it's just as easy as, if not easier than, scribbling your John Hancock on a piece of paper. What I mean when I say more secure is that the validation can be completely automatic and validate it to the level of the holographic paper inspection of an ink signature without all that fancy equipment. Therefore, the casual inspector can know for a surety that the sig is good. Unfortunately, in the event that the private key *is* compromised, the forgery is %100. No subtle overlay patterns to detect there. Hence the paranoia about where one's private key is stored, and also the key revoking feature. I think your primary argument is that the benefits don't outway the trouble of doing it. To that, I'd just like to say, "Did you ever practice a signature?" If not, fine. But I would say that a PGP signature is comparable. You go through a little effort to create the keys, set up your mailer, then after that, it's completely automatic. e.g. When I complete this email, I will press :xpsy<passphrase> YMMV (Your Mailer May Vary), it's become a habit. There's no extra thought involved. Just like signing a letter. Von Fugal -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
