EU Draft Digital Signature Directive

Nicholas Bohm nbohm at ernest.net
Fri, 28 Aug 1998 18:47:40 +0100


At 06:12 PM 8/28/1998 +0100, Clare Wardle wrote:
[snip]

>Several contributors have suggested that personal signatures are in some
>way attached to the person of the signer.  Since only a few people know
>what my signature or I look like, and as many conmen are quite capable of
>copying a signature (off a stolen card, for example) and as the number of
>people who check signatures is vanishingly small, and finally as signatures
>vary to the point that a useful scheme to check signatures electronically
>proved quite impracticable, I do not think that ordinary signatures are any
>more difficult to fake than digital ones - probably less.

I think this misses the point of the analogy.  The point to my mind is that
if someone fakes my signature and deceives a third party, it is quite
difficult for the third party to make me carry the can.  Once the
handwriting experts get on to the case, it becomes quite hard for anyone to
prove that a signature was made by me if it wasn't.

That is not true of digital signatures:  if they can be faked at all
(through some variety of compromise, not necessarily through fault on the
owner's part), they can be faked perfectly.  It is very unfair to the third
party who could not have detected the forgery by any practicable means if
he cannot make me carry the can (which is not the case with handwriting in
principle, however slack everyone chooses to be in practice and at their
own risk);  but it is very unfair to me if the compromise was one I could
not have avoided by reasonably available means (it isn't easy to get your
system proofed against tempest attacks, bugs, trojans etc - and there are
no current standards of what protection I can reasonably be expected to take).

It is this risk of unfairness to both sides that makes current proposals a
dangerously inadequate basis for the structures that are hoped to rest on
them.

	Regards,

		Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 870285	(+44 1279 870285)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF