Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!snorkelwacker!bloom-beacon!bloom-beacon.mit.edu!jik
From: jik@pit-manager.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.org.eff.talk
Subject: Re: Let's get moving gang!!!
Message-ID: <1990Aug27.155515.22537@athena.mit.edu>
Date: 27 Aug 90 18:54:52 GMT
References: <7686@helios.TAMU.EDU> <737@primerd.PRIME.COM> <1990Aug27.013401.16422@svc.portal.com> <38374@shemp.CS.UCLA.EDU> <1990Aug27.082030.1@amazon.llnl.gov>
Sender: daemon@athena.mit.edu (Mr Background)
Organization: /mit/jik/.organization
Lines: 36
In-Reply-To: oberman@amazon.llnl.gov's message of 27 Aug 90 15:20:30 GMT

In article <1990Aug27.082030.1@amazon.llnl.gov> oberman@amazon.llnl.gov writes:
>In article <38374@shemp.CS.UCLA.EDU>, sprouse@oahu.cs.ucla.edu
>(Steven Sprouse) writes:
>>
>> One drawback to digital signatures (at least as I understand them)
>> is the fact that they rely on fact that the signer wants his signature
>> to be a secret. What happens if I digitally sign a contract and then
>> want out? What keeps me from leaking my secret codes (signature) to the
>> world and then claiming that my signature was forged?
>
>You misunderstand the function and operation of public key encryption. A
>digital signature is not in any way secret.

Actually, Mr. Oberman, *you* are the one who is missing the point made by Mr. Sprouse. Sprouse did not ask what would happen if the signer's public key were made public. He asked what would happen if the signer's *private* key were to be leaked to the world.

As Sprouse points out, the viability of digital signatures depends on the signer *wanting* his signature to remain authentic, and therefore doing everything he can to protect his private key.

If an individual provides a signature encrypted in his private key in order to validate a contract or other document, and then decides that he no longer wishes to be bound by that document, he can simply find a way to "leak" his private key in a way that does not look intentional, and then announce, "Oh, well, I didn't sign that document, and look, my private key has been compromised, so someone else must have forged my digital signature using it."

Jonathan Kamens                    USnail:
MIT Project Athena                 11 Ashford Terrace
jik@Athena.MIT.EDU                 Allston, MA 02134
Office: 617-253-8495               Home: 617-782-0710