Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!wuarchive!julius.cs.uiuc.edu!apple!portal!sv!daven
From: daven@svc.portal.com
Newsgroups: comp.org.eff.talk
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <1990Sep10.001006.4280@svc.portal.com>
Date: 10 Sep 90 00:10:06 GMT
References: <2960@mindlink.UUCP>
Organization: Software Ventures
Lines: 32

In article <2960@mindlink.UUCP> a577@mindlink.UUCP (Curt Sampson) writes:
>Releasing your own public key to enable you to claim that someone else had
>forged a letter to you would be very risky business.  It would enable anyone
>who had your key to also forge anything else in your name (such as money
>transfers) and read anything sent to you.  I don't see people doing it unless
>they are *very* desperate to get out of a contract.  Releasing your private key
>would be basically opening yourself up to the world.
>
>There are many ways in which this system could be abused, should information
>get into the wrong hands.  But isn't that true of all systems?

Hmm, yes if the Public-Key system were to become so widely used, that
digital signuatures were to become legally accepted for contracts, then
you're probably correct. Handing out one's private key would be an
act of sheer desperation.

One way to prevent this is of course the "witness". A third party witnessing
the contract with their own digital signature would make the claim of
"forgery" harder to make stick. A digital public notary? Both parties
"sign" the contract on their local notary. Each notary then can act as a
reliable witness.

Now, how to eliminate the physical trip to the notary's office?

Dave Newman


-- 
-------------------------------------------------------------------------------
Dave Newman - Sofware Ventures        | daven@svc.portal.com | AppleLink: D0025
Berkeley, CA  (415) 644-3232          | AOL: MicroPhone      | CIS: 76004,2161
-------------------------------------------------------------------------------