EU Draft Digital Signature Directive

[Jon Plews]

> [mailto:owner-ukcrypto@maillist.ox.ac.uk]On Behalf Of Charles Lindsey
> Sent: 26 August 1998 14:45
> To: ukcrypto@maillist.ox.ac.uk
> Subject: Re: EU Draft Digital Signature Directive
>
>
> 	On Wed, 26 Aug 1998 02:02:28 +0100
> 	John Williams <johnwill@bcsphcsg.demon.co.uk> said...
>
> > Agreed.  It is surely true for written signatures.  If you know me, and
> > see me sign a cheque made out to you - then you don't need my signature
> > witnessed,  or somehow authorised by a notary.  You are simply left
> > wondering if I have the funds in my bank account.  Even the bank doesn't
> > ask for a third party certification of my signature.  Why should a
> > digital signature be any different?
> >
> Not quite. If you sign in front of me but, knowing you are short
> of funds, deliberately sign in a style totallly different from the
> signature dpeosited with the bank, then you can later repudiate
> it (at lest to the satisfaction of the bank).
>

If you sign a personal cheque you will have *alot* of explaining
to do if you repudiate a bogus signature.

The signature on cheque is of about as much significance as the
the date you write on it.  The significance is placed on the
piece of paper.  Try presenting an unsigned cheque--I have (many
moons ago) and it was cashed,  as was a cheque I signed with
a dash.

The fact is there is *no* equivalent of a digital signature in use
in the real world[1].  Juggling existing paradigms simply doesn't
work because a digital signature implies guarantees that cannot be
met by any process in use at the present time.

Couching new arguments in familiar term is undoubtedly useful,
but there has to come a point where you have to break away so as
to explain the true nature of digital signatures (and encryption).

[1] I should say I can't think of one off the top of my head,  but
I'm sure there *are* examples ...

Jon Plews.