Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!usc!ucla-cs!oahu!sprouse From: sprouse@oahu.cs.ucla.edu (Steven Sprouse) Newsgroups: comp.org.eff.talk Subject: Re: Let's get moving gang!!! Keywords: Implementation, Network Novelties Message-ID: <38374@shemp.CS.UCLA.EDU> Date: 27 Aug 90 07:00:32 GMT References: <7686@helios.TAMU.EDU> <737@primerd.PRIME.COM> <1990Aug27.013401.16422@svc.portal.com> Sender: news@CS.UCLA.EDU Organization: UCLA Computer Science Department Lines: 32 In article <1990Aug27.013401.16422@svc.portal.com> daven@svc.portal.com writes: >In article <737@primerd.PRIME.COM> milgr@teapot.prime.COM (Marc Milgram) writes: >>|>Consider signing and sending petitions through the network... >>|> (digital signatures) >>|> >>People keep bringing up the point that it is too easy forging signatures >>through email. I see major problems if electronic petitions were allowed >>for federal and state political purposes. (I guess that people can still >>forge signatures using pen and ink, but it is not as easy). > >If and when the public key cryptosystem becomes widely used, digital signa- >tures should be harder to forge than pen and paper signatures. So if anything >a digital signature should be easier to verify and more secure. > One drawback to digital signatures (at least as I understand them) is the fact that they rely on fact that the signer wants his signature to be a secret. What happens if I digitally sign a contract and then want out? What keeps me from leaking my secret codes (signature) to the world and then claiming that my signature was forged? The only ways around this that I see are : 1) Use digital signatures as token signatures to carry out business immediately, and verify real signatures on paper at a later date to confirm "the meeting of the minds". 2) Don't let users know their own secret keys. This is done usually with some sort of physical security and may involve 3rd parties. Once you allow 3rd parties into the picture you open a whole new can of worms as whether you trust the 3rd party to exercise control over the entire system! -Steve Sprouse