Text of (original) draft EU DIGITAL SIGNATURE DIRECTIVE
Charles Lindsey
chl at clw.cs.man.ac.uk
Fri, 3 Apr 1998 18:59:52 +0100
On Fri, 3 Apr 1998 15:10:28 +0100
Brian Gladman <gladman@seven77.demon.co.uk> said...
>
> Yes, this wording looks badly flawed - the CSP provides the certificate not
> the signature but this clause confuses this. The whole document seems to be
> based on the presumption that digital signatures require endorsement through
> some form of certification service in order to be valid. This does not make
> sense since this is only one possible way of developing trust in a signature
> (and certainly ***not*** the best).
>
Yes, I think the main thing missing from this directive is the
possibility of self-certification.
"I hereby declare that I will be bound by the digital signature with fingerprint xx xx xx xx xx xx
subject to the following restrictions {examples follow}
1. use restricted to transactions between myself and company X (e.g. my bank)
2. use restricted to transaction involving consideration of no more that £yyy
3. ...
Signed by my own fair hand in the usual form"
Now digital signatures conforming to what was written should be accepted
as being as valid as (no more, no less) my handwritten signature on
that certificate.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5