EU Draft Digital Signature Directive

Nicholas Bohm nbohm at ernest.net
Wed, 19 Aug 1998 20:45:57 +0100


At 05:29 PM 8/19/1998 +0100, Clare Wardle wrote:

[snip]

>More relevantly to this strand, Nicholas Bohm wrote:
>
>>My main point is that consumers at present have inadequate means for
>>protecting private keys from compromise, and it is therefore unacceptable
>>to transfer to them the risks which would be imposed on them by making
>>digital signatures non-repudiable.
>
>I don't agree with Nick Bohm that there is a problem with appropriate
>technology (and services) being available to consumers - by the time this
>directive comes into force (a couple of years off minimum) there will be.
>Whether any signature should be totally non-repudiable under any
>circumstances is another question.

I don't think electronic commerce is waiting for the directive or the
proposed UK legislation to come into force, nor is it dependent on them, so
I don't share the assumption about timing.

Even so, I suspect that a lot of consumers will for a long time still be
using software no more secure than Windows 95, and passwords or passphrases
no better than the usual urban legends.  Others on this list can no doubt
say how easily attacks can be mounted by ingenious children, let alone
technically competent fraudsters.  How soon will really cheap, really
secure protection be available for my private key?  Until it is, I would
prefer to use non-electronic commerce where I can repudiate a bogus
signature and leave the burden of proof on the other party than to use
electronic commerce on terms that the burden of proof lies on me to show
someone got at my key.  There just isn't enough advantage in running the risk.

	Regards,

		Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 870285	(+44 1279 870285)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF