Comments: "Trusted-Hardcopy" -- more experiments with digitising paper and signatures

Why would you just post an article verbatim? Why not add a few comments of your own?

My question is ... it seems that this is like a microdot which takes a click of the paper and stores it compressed in the bar code. Now the problem is ... will this still work if the paper gets damaged a little , a little dust falls on the paper ... paper becomes yellow ... how good an image processing algo would be required to check whether the two things match? What advantages are there to this? I mean, the signature requires human intervention, it is stored physically and not digitally , and everytime something is edited a new signature would be required. And there is no scope of digital filters (signature filters, where you say that you are not signing the office use only part of the form ).... so everything is just like the present , only that instead of signing with pen you are signing with a bar code and paying for HPs horrendously costly ink?

Posted by dev at July 2, 2007 05:11 AM

Main reason for no comments: travelling ...

Main reason for posting: it is a sort of poignant example of how digsigs in their obvious form have failed to make much headway, and how the old mechanisms still seem to be dominating.

In contrast, see Germany's attempts to kick-start use of digsigs by offering VAT reductions on invoices. They may eventually get it to work, but at such cost that people will eventually wonder what happened to the dream...

Posted by Iang at July 2, 2007 07:04 AM

but this is frankly ridiculous ! IMHO, it is a step back! this isn't a dig sig... it is a physical signature! and TFA article talks about it as if it is some really new thing and a new discovery!

Am I too cynical? have you realised any advantages of this?

Is my understanding that it is like a microdot of the document on the document itself wrong?

Posted by dev at July 2, 2007 07:13 AM

It's only a step backwards if you believe that digsigs are a step forwards. If instead digsigs are a step backwards, or simply don't work, then it is more an expression of evolution / experimentation.

The sad fact that is to be discovered every time someone invests in digsigs is that they do not work. At least, they don't do what they claim to be able to do. There are some other advantages to digsigs, but first we have to get over the myth of digsigs as being useful human signatures.

As to whether it is a microdot ... I don't know any more than the article.

Posted by Iang at July 4, 2007 03:51 AM

while that is true , they certainly achieve something. I mean, afaik, dsigs are the only methods of making sure of data integrity when the data is stored on the server db. and I think that is very important cos an attacker/someone with nefarious puposes can't edit the data in the db and put blame on you then, so easily.

Other than that , evidence against non-repudiation is also given. So dsigs do have their advantages. Whether they justify the investment and training required is a question beyond me.

Posted by dev at July 4, 2007 04:59 AM

digsigs ... if you mean that reverse-encryption method from public-private key cryptography ... are not the only means of data integrity. We can use a range of devices for that: a simple checksum, a hash, or a keyed-hash (HMAC). All of these do data integrity to some extent or other.

Another way of looking at this is whether the digsig is entirely about data integrity. In this case, a hash stored in a secure and published repository "isa" digsig, as it ensures the existance of a document at a certain point in time. If we make sure that the signatory is in fact aware of the event, then we can also ensure that she signed. (This is more or less what the Ricardian Contract does, although it also includes a public-private keyed reverse encryption digsig.) For more on this, search on "hash entanglement".

As to non-repudiation, that's a myth. There is no such thing as non-repudiation, and no way to invent or create it. Click on the link on more on that.

What exists is "evidence" and a digsig can achieve that. But so can a lot of other things, it all depends on what you are trying to create evidence on, and that depends on a proper understanding of the application. Digsigs create evidence of something, but that isn't good enough, we need to know what it creates evidence of, and whether that is useful.

Posted by Iang (repudiating non-repudiation) at July 4, 2007 05:12 AM
Post a comment

Remember personal info?

Hit Preview to see your comment.
MT::App::Comments=HASH(0x55cf5a8ae748) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/ line 125.