Thanks again Ian for another interesting link!
From my perspective it seems that the crypto-geeks/technorati are well prepared to deliver the goods to make this stuff all work. I'm less well convinced that the legal community is even in the slightest interested. Case law in the courts (U.S. anyways) is just slowly coming out of the '70s era. Judges now are starting to figure out how to change the clock on their VCR. It's a vicious catch-22 - until publickey technologies become more mainstream in business dealings the law won't catch up; until the law catches up the maths won't be implemented.
Posted by Wren at April 3, 2005 10:42 AMAs to how prepared we are, yes! We have delivered the technology; but the business aspects have slowed us down.
I wouldn't worry about the legal community. They do best when they follow behind and clean up the mess. Controversially, they showed just how far out of tune they can be with reality when they get ahead of the technology with the whole "digital signature law" mess.
Although not a big barrier, in our field we continually trip over digsig law and have to skirt around it by one means or another. As a current example, the laws are slowing down the introduction of differentiated certificates in the slick-like-molasses field of x.509 PKI browsing. Whether we will find a way around the laws remains to be seen.
(Digital signature law is a dremple, to use the FC term of art, which is a small barrier that gets in the way, but if we have too many of them, we end up not getting anywhere.)
Posted by Iang at April 3, 2005 11:26 AMsome recent posts on public key operations
TLS-certificates and interoperability-issues sendmail/Exchange/postfix
http://www.garlic.com/~lynn/2005e.html#45
xml-security vs. native security
http://www.garlic.com/~lynn/2005e.html#38
http://www.garlic.com/~lynn/2005e.html#39
http://www.garlic.com/~lynn/2005e.html#40
http://www.garlic.com/~lynn/2005e.html#41
http://www.garlic.com/~lynn/2005e.html#42
PKI: the end
http://www.garlic.com/~lynn/2005e.html#22
http://www.garlic.com/~lynn/2005e.html#24
http://www.garlic.com/~lynn/2005e.html#25
http://www.garlic.com/~lynn/2005e.html#26
http://www.garlic.com/~lynn/2005e.html#27
there is the issue of possible semantic confusion with the term "digital signature" containing the word "signature" and possibly implying something related to human signature. digital signature basically provides
1) indication of whether message has been altered
2) from 3-factor authentication, the validation of a digital signature implies that the originator had access to and used a specific private key (aka "something you have" authentication).
typically, a human signature indicates that somebody has viewed, read, understood, approved, agreed, and and/or authorizes something .... none of which is implied by the standard digital signature process.
in fact, some number of digital signature based authentication schemes have a server sending random data (that is never viewed) for digital signature (authentication, random data as countermeasure against replay attack).
if the same digital signature mechanism were to be used to also imply human signatures ... then a possible attack on the infrastructure would be to transmit a valid document under the guise of random data (in an authentication protocol) for digital signature.
Posted by Lynn Wheeler at April 3, 2005 02:36 PMWhen the Capo orders a contract it is executed.
Posted by Gotti at April 4, 2005 05:53 AMI think that even when we (try to) use the digital signature paradigm like a human signature, it still doesn't work because it's more like a rubber stamp. We need to own something (the secret key). Something, that can be stolen from us, that we may lose, that is not available to us at any time in any place. This, in my opinion, in a major roadblock to ubiquitous signatures. Right now, I am working on the technology to overcome it. I actually do have a working prototype, so it is very-very promising.
Also, it is worth noting that digital signatures and reputation based on them does work in one system: OpenPGP identity certification. It is admittedly a geek toy, but tens of thousands of people are using it with success.
This said, I also strongly agree with Ian that one-way hashes are a much more important and powerful tool to entangle information and unambiguously refer to documents. My ePoint payment system also hinges on these and provides digital signatures only for dispute resolution purposes. Preliminary experiments with users (it is used as an exchange medium in a file-sharing community) indicate that they seldom bother with verifiing the digital signatures, and yet the system works.
Another interesting observation is that young people (e.g. teenagers) take these things much more seriously than grown-ups. They become familiar with the technology to the extent that they are willing to trust it much faster. From that point on, a digitally signed promise carries significant weight. Young people are willing to sustain losses to save their reputation.
I think, digital signatures have not lived up to the promise because the authenticity of documents with a reasonable trail is seldom questioned. An email from my address is accepted as having been written by me. A page downloaded from my website is accepted to be posted by me. Heck, this comment is universally accepted to have been written by myself. Why?
I see a lot of bad thinking about digital signatures which could be improved by thinking more clearly about handwritten signatures. People hold digital signatures to an unrealistic standard which handwritten signatures could never meet. Handwriting can be forged; signatures standing alone have no obvious meaning; commercially signatures are often implemented literally with rubber stamps. Yet signatures have played an important and successful role in commerce for thousands of years.
The truth is that digital signatures are better and more secure than handwritten ones, but they are not infinitely better. People need to stop thinking "magically" about digital signatures and recognize them for what they are, evidence of intent; not perfect evidence, but good evidence. Compare them with a handwritten signature in a similar context and ask yourself, what is that signature telling us, and how strong is the evidentiary link to the ostensible signer's intent?
This kind of reality-based analysis will help avoid the simplistic and superficial analysis of digital signatures that we often see in the ecommerce world.
Posted by Cypherpunk at April 5, 2005 02:18 PM