EU DIRECTIVE ON SIGNATURES
Carl Ellison
cme at acm.org
Sat, 22 Aug 1998 08:03:40 -0700
-----BEGIN PGP SIGNED MESSAGE-----
"The UK - in line with our proposed legislation - will seek to
ensure that other types of electronic signatures (eg those relying on
biometric techniques) are also included."
Nigel,
this is an important point.
For ammunition in your argument, let me refer you to the observation that a
digital signature differs strongly from a handwritten signature.
The former is bound tightly to a document but only loosely to a human. Any
person who steals a private key can make a "forgery" indistinguishable from
the real signature.
The latter is tightly bound to a human (as a kind of biometric) but only
loosely to a document. The best example of this is a signed blank check --
or any other document that can be modified after being signed.
Therefore, any attempt to make digital signatures equivalent to handwritten
signatures needs a careful security analysis -- to see if the loose
connection to the signer is adequate for the purpose of the document.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNd7dyxN3Wx8QwqUtAQGFfwP/cuCgYoutv7xSft8UkKbO4XCGjnEACq6w
2W2oQuQ4IWr+Acj0fg46j/wcrs6Lt/7QFtm1NDZpRb49u1PyhKUVK813md8qa5o7
jayl/eudB9q05AfJkYK7KU88i+HsZFM/kFKZodyXTKgHKAMJwlauhCr1+DwdlUT/
+qbpyKCpO8I=
=1xJo
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+