e-conveyancing
David Swarbrick
david at swarb.freeuk.com
Fri, 30 Mar 2001 06:42:01 +0100
It is quite unmeasurable, but I have little trust in those who say they can
tell when signatures are forgeries. As an area of expertise there is no
proper profesional standard that I would pat any great credit to.
--
David Swarbrick, Solicitor
david.swarbrick@wrigleyclaydon.com www.swarb.co.uk Tel 0161 785 3527 Mob
0779 681 0373
> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Nicholas Bohm
> Sent: 29 March 2001 14:02
> To: ukcrypto@chiark.greenend.org.uk
> Cc: ukcrypto@chiark.greenend.org.uk
> Subject: Re: e-conveyancing
>
>
> At 12:33 29/03/2001 +0100, Ben Laurie wrote:
> >Nicholas Bohm wrote:
> >> The underlying problem is precisely the limited security of
> private keys
> >> once in widespread use for valuable purposes.
> >
> >Is it? How secure is my signature? I would contend that is substantially
> >less secure than even the most crappily protected private key (and,
> >indeed, 6k stolen from my bank account shows it is often not even
> >checked). So how come it works?
>
> The issue is tackled at some length in
>
> http://elj.warwick.ac.uk/jilt/00-3/bohm.html
>
> which I immodestly commend.
>
> Pending developments in science unforeseen, you cannot give away, or have
> stolen or copied from you, the ability to make a distinctive handwritten
> signature. Security at this point seems to be perfect.
>
> Banks and others who rely on signatures can expend whatever effort they
> wish on verifying them. Since they carry the risk of e.g. cheque forgery
> and you as the customer do not, it is up to them to decide how much effort
> to expend, depending on the size of the cheque. This is just as
> it should be.
>
> Good forgeries are hard to detect by casual inspection, but the detection
> rate rises rapidly if document examination techniques are employed instead
> of mere visual comparison. The error rate is a matter of continuing
> controversy in the academic field, one problem being that the best forgers
> probably have better uses for their talents than submitting themselves to
> expert testing.
>
> It does seem possible that a very good forgery might deceive experts into
> the conviction that a forger's signature is yours, but forgery
> that good is
> likely to be reserved for high value targets on account of the effort
> involved; and it is rarely necessary for the forger to achieve that
> standard anyway, since all he needs to do is fool the bank at the point of
> payment, and he has no reason to want to go further and fool the bank into
> throwing the loss on to you.
>
> Private keys can be stolen in ways we all know about, quite possibly
> without their owners' knowledge; and no amount of effort by the verifier
> can detect this. Only the owner can manage the risk, and very many owners
> are likely to be unable to protect themselves adequately if private keys
> are widely deployed.
>
> Regards
>
> Nicholas
>
> Salkyns, Great Canfield,
> Takeley, Bishop�s Stortford CM22 6SX, UK
>
> Phone 01279 871272 (+44 1279 871272)
> Fax 01279 870215 (+44 1279 870215)
> Mobile 07715 419728 (+44 7715 419728)
>
> PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
> 9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
> PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
> 5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
>
>
>
>
>