BBC News: E-signatures become legal

[Ross Anderson]

> very few (if any) devices that produce handwritten signatures reach
> these assurance levels!

I disagree. It's disgraceful that a number of the smartcard products
which are easy to defeat using probing or power analysis attacks have
been granted common criteria evaluations at E3 or E4. The only
plausible explanation is that this is a political decision - if you
are the government of France and you've subsidised the industry with
billions of tax francs, you just tell the evaluators what result is
required.

In the medium term, the outcome I expect to see is that the whole
Common Criteria process will be discredited. I have already got 
several case histories of CC abuse, and they'll appear next February
in my book

Ross