-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mxsmanic wrote in
news:0hoanvg02gr011muaffb4dana3af27p8pe@4ax.com:

>> I'm not going to waste time arguing, but think the
>> experts would disagree.
>
> In other words, you don't have an adequate counterargument, and you
> hope the standard appeal to authority will persuade me or others.
>
> If you disagree, say so, but don't pretend that I'm somehow objectively
> wrong or that "experts" disagree with you and not me and therefore
> somehow discredit me.

It is as I said, I just don't have a desire to argue, and also don't
currently have the desire, or feel the need, to do the research necessary
to "prove" the accuracy of handwriting expert testimony. I thought about
just not replying, but didn't want my non-response to be interpreted as
somehow indicating something like "Oh, I must have been mistaken!" I
guess I may have made the wrong choice. However, it should be next to
impossible in a court to demonstrate that someone digitally signed
something. Although a digital signature is much better at stating that
what was signed has not been altered, it still is not proof of who was
using the signing key, or if they knew they were signing the signed
document.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQEVAwUBP3WE/2DeI9apM77TAQI/ugf/cqFxvwqycNFbMcCYg7zZS2zDtiM55z52
MvVdog/DklDXCTtAE8dYtpb/Lj8BCG08FS51ngsicP8lejsMdmajqqJvK3RELU+f
tOdTRkoHXm8WCd73k8Uvg1fQt+MpzcZdQn1mjxftKmE12cqZYn l3It9PkA66Zh/p
lkEFulweHOoDtAOnHVFbvB/80lHlrVovr27eMamZgUU9mKsgOT6RUxeyO1OPckj9
UV9dRSYZpV+BEOYFHvtMnDv0kqOIrYD4/TJuU8Gujep/nRH9EQYwfYte236me8vn
3FrxND71HmUPJn7l8v+FykB3RqsuD7riQ+wygY3tY38pfhUjW/GQTQ==
=HFsn
-----END PGP SIGNATURE-----

Tom McCune writes:

> However, it should be next to impossible in a court
> to demonstrate that someone digitally signed something.

This is at least equally true for a handwritten signature.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

In article , Mxsmanic
wrote:

> Tom McCune writes:
>
> > However, it should be next to impossible in a court
> > to demonstrate that someone digitally signed something.
>
> This is at least equally true for a handwritten signature.

There is a ton of legal precedent for handwritten signatures. That body
of precedent is not yet available for digital signatures.

I agree that a handwritten signature is pathetically easy to forge,
especially one that appears on a fax, and which is legally accepted in
some places. However it carries the presumption that the signer and the
document were together at some time, and that the signer had the
opportunity to read whatever it was that (s)he was signing.

Neither of those is true of a digital signature, unless it can be
proved that the signer has never divulged his passphrase and never left
his computer unguarded or open to technical attack, and that the
signature could only be applied when the document was available to the
signer to review.

It is a pity that 'signature' was ever used as term to describe a
one-way hash of a document and a secret.

It does not seem terribly difficult to design a protocol involving a
trusted witness or notary that would be as good as a faxed signature,
but that stuff has to be tested by the courts before it is useful in
business.

Some courts would probably allow it today, but then there are courts
who believe a lot of nonsense about pregnant chads and un-peer-reviewed
voting machines.

Elliott Roper writes:

> There is a ton of legal precedent for handwritten signatures. That body
> of precedent is not yet available for digital signatures.

True, but that is independent of the technical superiority of digital
signatures. Lawyers are wary of anything new, but that doesn't mean
that anything new is bad.

> I agree that a handwritten signature is pathetically easy to forge,
> especially one that appears on a fax, and which is legally accepted in
> some places.

Everytime I think about it it makes me nervous. It's a wonder that
forgery isn't much more common. But I guess most people are honest.

> Neither of those is true of a digital signature, unless it can be
> proved that the signer has never divulged his passphrase and never left
> his computer unguarded or open to technical attack, and that the
> signature could only be applied when the document was available to the
> signer to review.

Odd that this must be proved, when the authenticity of handwritten
signatures is assumed by default.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> But as I state in my FAQ,

Mxsmanic wrote:
> it would be nice if it were black on white instead of white on blue.

Just set the page colours in your browser

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/do+jZsrx6aBPZiwRAn7lAJ9UbkHIWE1mW6oAzaCBKEudO6MBWw CfXta/
YIhSLkMf8epAfOmh2R15HAc=
=LYRR
-----END PGP SIGNATURE-----

"Mxsmanic" wrote in message
news:93t6nvsvg8uo1g62b7a9if2bpveph5lguv@4ax.com...

> I only occasionally sign messages with PGP (usually just for the heck of
> it), and I rarely ever encrypt anything at all. I've only used PGP for
> "necessary" encryption once, in order to send new credit-card
> information to an ISP--but PGP definitely justified itself then!

Interesting -- an ISP with its own PGP key pair. It would be nice if banks,
mortgage companies, credit card issuers (to use other examples) routinely
used PGP and made their public keys widely available, for the reason you
described.

Dave
--
ROT13 the "reply to" for actual e-mail address.

TANSTAAFL

A = A

Dave writes:

> Interesting -- an ISP with its own PGP key pair.

It was certainly convenient.

> It would be nice if banks, mortgage companies, credit card issuers
> (to use other examples) routinely used PGP and made their public
> keys widely available, for the reason you described.

I agree, but I'm not holding my breath. Organizations like that cling
to old technologies after everyone else has moved on, and they will
never spend money on anything (including security) unless they are
forced to.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.