When *not* to sign an e-mail message? - PGP


Thread: When *not* to sign an e-mail message?

  1. When *not* to sign an e-mail message?


    Hi,

    I'm wondering if there are any hypothetical situations where one would NOT
    want to sign an email message they are sending to another party. In my
    opinion, there are no valid reasons not to sign a message.

    Can anyone point out a situation to me where *not* signing would be
    advantageous (excluding of course that the message may be smaller if it's
    not signed)?

    TIA


  2. Re: When *not* to sign an e-mail message?

    "Non scrivetemi" wrote:

    > Can anyone point out a situation to me where *not* signing would be
    > advantageous (excluding of course that the message may be smaller if
    > it's not signed)?


    When sending anonymous messages it's a good idea not to sign them ;-)

    Juergen Nieveler
    --
    These opinions are mine, not those of the University of Virginia. It is
    the opinion of the University that I should be writing my dissertation.

  3. Re: When *not* to sign an e-mail message?

    "Non scrivetemi" (06-03-05 15:23:07):

    > I'm wondering if there are any hypothetical situations where one would
    > NOT want to sign an email message they are sending to another
    > party. In my opinion, there are no valid reasons not to sign a
    > message.
    >
    > Can anyone point out a situation to me where *not* signing would be
    > advantageous (excluding of course that the message may be smaller if
    > it's not signed)?


    You have to consider that a valid signature effectively means that the
    sender of the message must be you. Later you cannot claim that you
    didn't write the message. If someone compromised your key, which is
    unlikely to happen, then you have to prove this.

    This means: If you write stupid things, then don't sign them. =)


    Regards.

  4. Re: When *not* to sign an e-mail message?

    "Non scrivetemi" wrote in
    news:97a0b7459f825709f6691dc3bb94ca7e@pboxmix.winstonsmith.info:

    >
    > Hi,
    >
    > I'm wondering if there are any hypothetical situations where one would
    > NOT want to sign an email message they are sending to another party.
    > In my opinion, there are no valid reasons not to sign a message.
    >
    > Can anyone point out a situation to me where *not* signing would be
    > advantageous (excluding of course that the message may be smaller if
    > it's not signed)?
    >
    > TIA
    >




    The whole question of digital signing and non-repudiation is fatally
    flawed.

    Why? Because it reverses the burden of proof.

    With existing handwritten signatures the burden of verifying the signature
    falls on the recipient (e.g., banks re a cheque). With digital signatures
    the sender must prove he didn't send it (e.g., he might argue his key had
    been stolen).

    The traditional basis of signatures is that the burden lies on the fellow
    relying on them; digital signatures reverse 1000 years of legal and
    commercial practice. While arguments can be advanced why such a reversal
    might be desirable they have to overcome this "who proves" hurdle and
    cannot rely solely on their "gee-whiz" gimcrackery as sufficient
    justification.

    Regards,


  5. Re: When *not* to sign an e-mail message?

    Non scrivetemi writes:

    > I'm wondering if there are any hypothetical situations where one would NOT
    > want to sign an email message they are sending to another party. In my
    > opinion, there are no valid reasons not to sign a message.


    You don't sign it if you wish to be able to deny having written it
    later.

    Also, signing trivial messages gives adversaries more material with
    which to attempt to recover your key pair, so unimportant stuff
    probably should not be signed. And don't sign anything someone asks
    you to sign without making some sort of (trivial) change to it.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  6. Re: When *not* to sign an e-mail message?

    nemo_outis writes:

    > With existing handwritten signatures the burden of verifying the signature
    > falls on the recipient (e.g., banks re a cheque). With digital signatures
    > the sender must prove he didn't send it (e.g., he might argue his key had
    > been stolen).


    Actually the burden of proof is the same for both. In both cases, the
    recipient verifies the signature. In both cases, if the signature
    appears to verify correctly, then it's up to the alleged signer to
    prove that the signature was forged. It's much harder to do this with
    digital signatures than with handwritten signatures, but the
    principles are the same in both cases.

    Indeed, it doesn't matter how secure a digital signature system might
    be if it can be shown that a given digital signature is or is not
    under the exclusive control of its putative owner.

    > The traditional basis of signatures is that the burden lies on the fellow
    > relying on them; digital signatures reverse 1000 years of legal and
    > commercial practice.


    Only to a certain extent. It's up to the recipient to check the
    signature. But if the signature passes the checks, it's considered
    valid unless the signer can demonstrate that it was forged.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  7. Re: When *not* to sign an e-mail message?

    Mxsmanic wrote in
    news:k0cm02ldmfuij92pa9hltq49j9i3bdl8pf@4ax.com:

    > nemo_outis writes:
    >
    >> With existing handwritten signatures the burden of verifying the
    >> signature falls on the recipient (e.g., banks re a cheque). With
    >> digital signatures the sender must prove he didn't send it (e.g., he
    >> might argue his key had been stolen).

    >
    > Actually the burden of proof is the same for both. In both cases, the
    > recipient verifies the signature. In both cases, if the signature
    > appears to verify correctly, then it's up to the alleged signer to
    > prove that the signature was forged. It's much harder to do this with
    > digital signatures than with handwritten signatures, but the
    > principles are the same in both cases.



    No, in any western system of law, the person relying on the signature
    (usually the recipient or beneficiary) must prove its validity (e.g., a
    bank relying on my signature on a cheque must validate it against its
    sample signature). If it is contested and goes to court it is the bank's
    burden (to use my example) to satisfy the court that the signatures
    match.

    Yes, I can try to make it even harder for the bank - I can adduce reasons
    why the signature should not be accepted and why the bank hasn't
    discharged its burden of proof. But that doesn't change where the
    *primary* burden lies. It is the bank's burden and, as with most legal
    procedures, I have the right to contest whether it has discharged that
    burden. But I'd much rather the burden fell on them than me and I only
    have to cast additional doubt if I choose to.


    > Indeed, it doesn't matter how secure a digital signature system might
    > be if it can be shown that a given digital signature is or is not
    > under the exclusive control of its putative owner.



    And that is precisely the point. With a traditional signature system I
    have one and only one requirement: the performance of the positive act of
    signing. I do not, with the traditional system, have the additional
    burden of showing, in a dispute, that a key had somehow escaped from my
    exclusive control. (The safekeeping of that key now becomes a new burden
    on me roughly equivalent, for instance, to safeguarding my chequebook in
    which I have already signed every blank cheque! Something no prudent man
    would do!)

    With electronic signatures I have taken on additional burdens that do not
    apply with traditional signatures. For instance, I now carry a burden
    not to be negligent in my keeping the keys safe. And, if the signature
    is disputed, it would fall on *me* to show that they had somehow leaked
    or been compromised (e.g., I might have to show Verisign has a corrupt
    employee). I have taken on (or rather had imposed on me) additional
    responsibility and the need for a wider net of trust - things I don't
    have to do the old-fashioned way.


    >> The traditional basis of signatures is that the burden lies on the
    >> fellow relying on them; digital signatures reverse 1000 years of
    >> legal and commercial practice.

    >
    > Only to a certain extent. It's up to the recipient to check the
    > signature. But if the signature passes the checks, it's considered
    > valid unless the signer can demonstrate that it was forged.



    Handwritten signatures and their verification have many limitations and
    flaws from a technical perspective. However, that doesn't change that
    the primary burden of verification rests with the one relying on the
    signature and not the other way round. That person must be able to
    demonstrate to a competent third party (e.g., a court) that the signature
    is valid. The means and standard of that proof (too easy or too hard)
    may be a topic for acrimonious debate but that still doesn't change on
    whom it falls.

    And I, for one, am not eager to reverse those obligations and
    responsibilities.

    Regards,

  8. Re: When *not* to sign an e-mail message?

    Non scrivetemi wrote:
    > Hi,
    >
    > I'm wondering if there are any hypothetical situations where one would NOT
    > want to sign an email message they are sending to another party. In my
    > opinion, there are no valid reasons not to sign a message.
    >
    > Can anyone point out a situation to me where *not* signing would be
    > advantageous (excluding of course that the message may be smaller if it's
    > not signed)?
    >
    > TIA
    >


    There aren't any hypothetical situations. Only real ones.

    www.mypgp.com

  9. Re: When *not* to sign an e-mail message?

    nemo_outis wrote:
    > Mxsmanic wrote in
    > news:k0cm02ldmfuij92pa9hltq49j9i3bdl8pf@4ax.com:
    >
    >
    >>nemo_outis writes:
    >>
    >>
    >>>With existing handwritten signatures the burden of verifying the
    >>>signature falls on the recipient (e.g., banks re a cheque). With
    >>>digital signatures the sender must prove he didn't send it (e.g., he
    >>>might argue his key had been stolen).

    >>
    >>Actually the burden of proof is the same for both. In both cases, the
    >>recipient verifies the signature. In both cases, if the signature
    >>appears to verify correctly, then it's up to the alleged signer to
    >>prove that the signature was forged. It's much harder to do this with
    >>digital signatures than with handwritten signatures, but the
    >>principles are the same in both cases.

    >
    >
    >
    > No, in any western system of law, the person relying on the signature
    > (usually the recipient or beneficiary) must prove its validity (e.g., a
    > bank relying on my signature on a cheque must validate it against its
    > sample signature). If it is contested and goes to court it is the bank's
    > burden (to use my example) to satisfy the court that the signatures
    > match.
    >


    The recipient probably still does. It is simply that this stage is now
    trivial. The judge can even do an independent verification.

    > Yes, I can try to make it even harder for the bank - I can adduce reasons
    > why the signature should not be accepted and why the bank hasn't
    > discharged its burden of proof. But that doesn't change where the
    > *primary* burden lies. It is the bank's burden and, as with most legal
    > procedures, I have the right to contest whether it has discharged that
    > burden. But I'd much rather the burden fell on them than me and I only
    > have to cast additional doubt if I choose to.
    >
    >
    >
    >>Indeed, it doesn't matter how secure a digital signature system might
    >>be if it can be shown that a given digital signature is or is not
    >>under the exclusive control of its putative owner.

    >
    >
    >
    > And that is precisely the point. With a traditional signature system I
    > have one and only one requirement: the performance of the positive act of
    > signing. I do not, with the traditional system, have the additional
    > burden of showing, in a dispute, that a key had somehow escaped from my
    > exclusive control. (The safekeeping of that key now becomes a new burden
    > on me roughly equivalent, for instance, to safeguarding my chequebook in
    > which I have already signed every blank cheque! Something no prudent man
    > would do!)
    >


    It is equivalent to a company using a rubber stamp to sign cheques.
    Where there are a thousand people on the pay roll it is quite common for
    the clerks to be given such rubber stamps. It saves the boss a lot of
    writing.

    > With electronic signatures I have taken on additional burdens that do not
    > apply with traditional signatures. For instance, I now carry a burden
    > not to be negligent in my keeping the keys safe. And, if the signature
    > is disputed, it would fall on *me* to show that they had somehow leaked
    > or been compromised (e.g., I might have to show Verisign has a corrupt
    > employee). I have taken on (or rather had imposed on me) additional
    > responsibility and the need for a wider net of trust - things I don't
    > have to do the old-fashioned way.
    >
    >
    >
    >>>The traditional basis of signatures is that the burden lies on the
    >>>fellow relying on them; digital signatures reverse 1000 years of
    >>>legal and commercial practice.

    >>
    >>Only to a certain extent. It's up to the recipient to check the
    >>signature. But if the signature passes the checks, it's considered
    >>valid unless the signer can demonstrate that it was forged.

    >
    >
    >
    > Handwritten signatures and their verification have many limitations and
    > flaws from a technical perspective. However, that doesn't change that
    > the primary burden of verification rests with the one relying on the
    > signature and not the other way round. That person must be able to
    > demonstrate to a competent third party (e.g., a court) that the signature
    > is valid. The means and standard of that proof (too easy or too hard)
    > may be a topic for acrimonious debate but that still doesn't change on
    > whom it falls.
    >
    > And I, for one, am not eager to reverse those obligations and
    > responsibilities.


    No reversal, just harder to lie.

    Andrew Swallow

  10. Re: When *not* to sign an e-mail message?

    Juergen Nieveler wrote:
    > "Non scrivetemi" wrote:
    >
    >
    >>Can anyone point out a situation to me where *not* signing would be
    >>advantageous (excluding of course that the message may be smaller if
    >>it's not signed)?

    >
    >
    > When sending anonymous messages it's a good idea not to sign them ;-)


    Signing with what keypair? Is the public key well known to be
    associated with the author? Is the keypair ephemeral and only used for
    one message? Is the keypair made up just for the few messages the author
    wants to send using the identity "WhistleBlower12", "Terrorist214",
    "CompulsiveConfessor7" or "PoisonPenman"?
    When I first read Ender's Game by Orson Card, I couldn't figure how
    everyone could be so sure that a series of anonymous essays published
    under the name "Demosthenes" were all by the same author. Now I see that
    including a public key in each essay and a digital signature that
    verifies with that public key establishes that the essays are all by the
    same author, no, that they're all signed by the same person, no, that
    they're all signed by members of the cabal who know the corresponding
    private key.

    --Mike Amling

  11. Re: When *not* to sign an e-mail message?

    "nemo_outis" writes:
    > The whole question of digital signing and non-repudiation is fatally
    > flawed.
    >
    > Why? Because it reverses the burden of proof.
    >
    > With existing handwritten signatures the burden of verifying the signature
    > falls on the recipient (e.g., banks re a cheque). With digital signatures
    > the sender must prove he didn't send it (e.g., he might argue his key had
    > been stolen).
    >
    > The traditional basis of signatures is that the burden lies on the fellow
    > relying on them; digital signatures reverse 1000 years of legal and
    > commercial practice. While arguments can be advanced why such a reversal
    > might be desirable they have to overcome this "who proves" hurdle and
    > cannot rely solely on their "gee-whiz" gimcrackery as sufficient
    > justification.


    digital signature is technology that can be used for authentication
    aka "something you have" from 3-factor authentication model
    http://www.garlic.com/~lynn/subtopic.html#3factor

    * something you have
    * something you know
    * something you are

    where verification of digital signature with public key implies
    possession of corresponding private key.

    this is something different than human signatures that imply having
    read, understood, agrees, approves, and/or authorizes.

    there are all sort of short-comings if you believe that digital
    signatures translate straight-forward to the same as human signatures.
    one such is dual-use attack. a valid authentication use for digital
    signatures is to have a server transmit some random data (possibly as
    countermeasure to replay attack), the client digitally signs the
    random data (w/o having read the random data), and returns the digital
    signature. an attack (against an infrastructure that might mistakenly
    make straight-forward equivalence between digital signature and human
    signature) is to substitute a valid contract for the random data.

    one such (possibly misguided) effort to make straight-forward
    equivalence between digital signatures and human signatures was the
    addition of the "non-repudiation" flag to some digital signatures in
    the early 90s.

    in much the same way that x.509 identity digital certificates started
    to become significantly depreciated by the mid-90s, so did any
    operation that took a digital certificate non-repudiation flag as
    having any valid meaning. it became readily apparent that to even
    approach the meaning of a human signature (read, understood, agrees,
    approves, and/or authorizes as well as demonstrating any sort of
    intent) there had to be significant additional processes in place.

    In fact, there are some of point-of-sale terminal designs that may
    have digital signature purely as an authentication mechanism but
    requires totally separate operations to demonstrate "intent". The
    simpler example is point-of-sale terminal that uses two-factor
    authentication pin-debit as authentication ... and then requires
    separate sequence where the consumer is asked to press the "yes"
    button if they agree to the transaction (to establish intent and the
    equivalence of human signature of read, understood, agrees, approves,
    and/or authorizes). In such a scenario, the authentication is totally
    separate process from the "intent" process.

    we were asked to come in and help word-smith the cal. state electronic
    signature legislation and then later the fed. electronic signature
    legislation. misc. past posts about electronic signatures
    http://www.garlic.com/~lynn/subpubkey.html#signature

    misc. past posts mentioning non-repudiation and/or dual-use attack on
    digital signatures (when they have conflicting uses for both
    authentication and human signature)
    http://www.garlic.com/~lynn/aepay7.htm#nonrep0 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep1 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep2 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep3 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep4 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep5 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aepay7.htm#nonrep6 non-repudiation, was Re: crypto flaw in secure mail standards
    http://www.garlic.com/~lynn/aadsm11.htm#5 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#6 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#7 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#8 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#9 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#11 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#12 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#13 Words, Books, and Key Usage
    http://www.garlic.com/~lynn/aadsm11.htm#14 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm11.htm#15 Meaning of Non-repudiation
    http://www.garlic.com/~lynn/aadsm12.htm#5 NEWS: 3D-Secure and Passport
    http://www.garlic.com/~lynn/aadsm12.htm#12 TOC for world bank e-security paper
    http://www.garlic.com/~lynn/aadsm12.htm#30 Employee Certificates - Security Issues
    http://www.garlic.com/~lynn/aadsm12.htm#37 Legal entities who sign
    http://www.garlic.com/~lynn/aadsm12.htm#38 Legal entities who sign
    http://www.garlic.com/~lynn/aadsm12.htm#59 e-Government uses "Authority-stamp-signatures"
    http://www.garlic.com/~lynn/aadsm15.htm#32 VS: On-line signature standards
    http://www.garlic.com/~lynn/aadsm15.htm#33 VS: On-line signature standards
    http://www.garlic.com/~lynn/aadsm15.htm#34 VS: On-line signature standards (slight addenda)
    http://www.garlic.com/~lynn/aadsm15.htm#35 VS: On-line signature standards
    http://www.garlic.com/~lynn/aadsm15.htm#36 VS: On-line signature standards
    http://www.garlic.com/~lynn/aadsm16.htm#14 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm16.htm#17 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm16.htm#18 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm16.htm#23 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm17.htm#3 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm17.htm#5 Non-repudiation (was RE: The PAIN mnemonic)
    http://www.garlic.com/~lynn/aadsm17.htm#55 Using crypto against Phishing, Spoofing and Spamming
    http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm18.htm#0 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm18.htm#4 dual-use digital signature vulnerability
    http://www.garlic.com/~lynn/aadsm19.htm#33 Digital signatures have a big problem with meaning
    http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and authentication
    http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and authentication
    http://www.garlic.com/~lynn/aadsm20.htm#28 solving the wrong problem
    http://www.garlic.com/~lynn/aadsm20.htm#44 Another entry in the internet security hall of shame
    http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
    http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
    http://www.garlic.com/~lynn/aadsm21.htm#18 'Virtual Card' Offers Online Security Blanket
    http://www.garlic.com/~lynn/aadsm21.htm#27 X.509 / PKI, PGP, and IBE Secure Email Technologies
    http://www.garlic.com/~lynn/aadsm22.htm#5 long-term GPG signing key
    http://www.garlic.com/~lynn/aadsm22.htm#6 long-term GPG signing key
    http://www.garlic.com/~lynn/aadsm22.htm#7 long-term GPG signing key
    http://www.garlic.com/~lynn/2001c.html#30 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#34 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#39 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#40 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#41 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#42 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#43 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#44 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#45 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#46 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#47 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#50 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#51 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#52 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#54 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#56 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#57 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#58 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#59 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#60 PKI and Non-repudiation practicalities
    http://www.garlic.com/~lynn/2001c.html#72 PKI and Non-repudiation practicalities

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

  12. Re: When *not* to sign an e-mail message?

    Mike Amling writes:
    > When I first read Ender's Game by Orson Card, I couldn't figure how
    > everyone could be so sure that a series of anonymous essays published
    > under the name "Demosthenes" were all by the same author. Now I see
    > that including a public key in each essay and a digital signature that
    > verifies with that public key establishes that the essays are all by
    > the same author, no, that they're all signed by the same person, no,
    > that they're all signed by members of the cabal who know the
    > corresponding private key.


    this is the scenario that asymmetric key cryptography is technology
    (differentiated from symmetric key), where what one key encodes, the
    other key decodes.

    there is a business process commonly referred to as public key;
    where one key is labeled "public" and made freely available; the other
    key (of the key pair) is labeled "private" and kept confidential and
    never divulged. at this level, there is no mystical properties related
    to public and private ... purely what is done in conforming to the
    public key business process.

    there is a business process commonly referred to as digital
    signature where the private key is used to encode the hash of a
    message. then the verification of the digital signature using
    the corresponding public key implies

    1) the message has not changed since signing
    2) "something you have" authentication (aka the signer
    has access to and use of the corresponding private key)

    again no mystical properties other than what has been defined in
    conforming to the digital signature business process and the public
    key business process.

    a relying party places their faith in the "something you have"
    authentication ... to the extent that they understand the
    corresponding business processes and believe that they have been
    followed.

    there is nothing implicit in the digital signing process that carries
    with it that the signer has read (or written), understood, agrees,
    approves, and/or authorizes (what has been signed).

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
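
The hash-then-encode process described in the post above, and the dual-use problem raised in post 11, as an added example that is not part of the original thread. It uses a toy unpadded RSA key and hypothetical context tags (`AUTH_CONTEXT`, `DOC_CONTEXT`) to show that a signature made over raw challenge bytes also verifies as a document signature, while signatures made under separate tags do not cross over.

```python
import hashlib
import secrets

# Toy textbook RSA from two known Mersenne primes. Constructed for this
# example only: unpadded and far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent

# Hypothetical domain-separation tags; the names are assumptions.
AUTH_CONTEXT = b"auth-challenge-v1\x00"
DOC_CONTEXT = b"signed-document-v1\x00"


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes) -> int:
    """Encode the hash of `data` with the private key."""
    return pow(_digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Decode with the public key and compare against the hash of `data`."""
    return pow(signature, E, N) == _digest_int(data)


# --- one key, two uses, no separation ---------------------------------
def naive_auth_response(challenge: bytes) -> int:
    # Signs whatever bytes the server sent, unread.
    return sign(challenge)


def naive_document_check(document: bytes, signature: int) -> bool:
    return verify(document, signature)


# --- same key, but each use signs under its own context tag ------------
def tagged_auth_response(challenge: bytes):
    client_nonce = secrets.token_bytes(16)  # signer-chosen, fixed length
    return client_nonce, sign(AUTH_CONTEXT + client_nonce + challenge)


def tagged_auth_check(challenge: bytes, client_nonce: bytes, signature: int) -> bool:
    return verify(AUTH_CONTEXT + client_nonce + challenge, signature)


def tagged_document_sign(document: bytes) -> int:
    return sign(DOC_CONTEXT + document)


def tagged_document_check(document: bytes, signature: int) -> bool:
    return verify(DOC_CONTEXT + document, signature)


def demo() -> dict:
    # Constructed sample: text that arrives in the slot where random
    # challenge data was expected.
    contract = b"I agree to pay 1000 EUR on demand."
    naive_sig = naive_auth_response(contract)
    nonce, tagged_sig = tagged_auth_response(contract)
    doc_sig = tagged_document_sign(contract)
    return {
        "naive_accepted_as_document": naive_document_check(contract, naive_sig),
        "tagged_auth_ok": tagged_auth_check(contract, nonce, tagged_sig),
        "tagged_accepted_as_document": tagged_document_check(contract, tagged_sig),
        "document_ok": tagged_document_check(contract, doc_sig),
        "tampered_document_ok": tagged_document_check(contract + b" x", doc_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tags only stop one signature from being read as the other kind; they say nothing about whether the signer read or agreed to the content, which is the separate "intent" step post 11 describes.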

  13. Re: When *not* to sign an e-mail message?

    Anne & Lynn Wheeler wrote in
    news:m3ek1gii12.fsf@lhwlinux.garlic.com:

    ....snip valid points...
    > there are all sort of short-comings if you believe that digital
    > signatures translate straight-forward to the same as human signatures.
    > one such is dual-use attack.

    ....snip additional valid points...


    Yep, there are numerous differences between conventional human signatures
    and digital-signing. I concentrated on the verification/validation
    asymmetries between the methods with emphasis on the break with traditional
    legal/commercial burden-of-proof aspects.

    But, as you point out, there are other differences as well; the two methods
    are by no means equivalent. And, accordingly, the reasons for preferring
    one method over the other could vary depending on the circumstances. Even
    with regard to some particular case, the parties themselves could have
    significantly differing interests and preferences regarding signing.

    Regards,


  14. Re: When *not* to sign an e-mail message?

    Andrew Swallow wrote in
    news:dufqbv$b4f$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com:

    ....snip...
    >> Handwritten signatures and their verification have many limitations
    >> and flaws from a technical perspective. However, that doesn't change
    >> that the primary burden of verification rests with the one relying on
    >> the signature and not the other way round. That person must be able
    >> to demonstrate to a competent third party (e.g., a court) that the
    >> signature is valid. The means and standard of that proof (too easy
    >> or too hard) may be a topic for acrimonious debate but that still
    >> doesn't change on whom it falls.
    >>
    >> And I, for one, am not eager to reverse those obligations and
    >> responsibilities.

    >
    > No reversal, just harder to lie.



    "Lying" hardly exhausts the differences between the methods - that is gross
    oversimplification. No, with digital signatures, I, the signer, now have
    assumed a gigantic responsibility re negligence regarding safeguarding my
    keys (a responsibility that doesn't exist with handwritten signatures).
    And, if I have extended my trust regarding keys to, say, Verisign, I have
    taken on an enormous "trust exposure" regarding their preservation of the
    confidentiality of my keys.

    And it would also mean, for instance, that I must be cryptologically savvy
    enough never to be conned into signing some arbitrary message presented to
    me.

    No, digital signatures are a minefield for the unwary (and even for the
    wary!).

    Regards,

    PS And I could point out other risks as well. For example, unless both
    the hardware and software on my computer are fully trusted and secure (ha!)
    the document ostensibly presented for me to sign onscreen needn't be the
    one I'm actually digitally signing and transmitting. A few moments'
    reflection will conjure up a host of other such problems with digital
    signatures.


  15. Re: When *not* to sign an e-mail message?

    "nemo_outis" writes:
    > Handwritten and digital signatures are not equivalent


    that is along the lines of my theme about both terms containing the
    word "signature" can result in semantic confusion; believing that
    because both terms contain the same word that then it follows that the
    two terms have some similarities.

    misc. past posts mentioning semantic confusion arising from both
    terms containing the word signature:
    http://www.garlic.com/~lynn/aadsm3.htm#kiss5 Common misconceptions, was Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
    http://www.garlic.com/~lynn/aepay11.htm#53 Authentication white paper
    http://www.garlic.com/~lynn/aadsm12.htm#30 Employee Certificates - Security Issues
    http://www.garlic.com/~lynn/aadsm13.htm#16 A challenge
    http://www.garlic.com/~lynn/aadsm15.htm#36 VS: On-line signature standards
    http://www.garlic.com/~lynn/aadsm19.htm#7 JIE - Contracts in Cyberspace
    http://www.garlic.com/~lynn/aadsm19.htm#24 Citibank discloses private information to improve security
    http://www.garlic.com/~lynn/aadsm19.htm#25 Digital signatures have a big problem with meaning
    http://www.garlic.com/~lynn/aadsm20.htm#8 UK EU presidency aims for Europe-wide biometric ID card
    http://www.garlic.com/~lynn/aadsm20.htm#44 Another entry in the internet security hall of shame
    http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
    http://www.garlic.com/~lynn/aadsm21.htm#24 Broken SSL domain name trust model
    http://www.garlic.com/~lynn/2003k.html#6 Security models
    http://www.garlic.com/~lynn/2004i.html#27 New Method for Authenticated Public Key Exchange without Digital Certificates
    http://www.garlic.com/~lynn/2005f.html#20 Some questions on smart cards (Software licensing using smart cards)
    http://www.garlic.com/~lynn/2005m.html#11 Question about authentication protocols
    http://www.garlic.com/~lynn/2005n.html#51 IPSEC and user vs machine authentication
    http://www.garlic.com/~lynn/2005o.html#42 Catch22. If you cannot legally be forced to sign a document etc - Tax Declaration etc etc etc
    http://www.garlic.com/~lynn/2005q.html#4 winscape?
    http://www.garlic.com/~lynn/2005r.html#54 NEW USA FFIES Guidance
    http://www.garlic.com/~lynn/2005v.html#3 ABN Tape - Found

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

  16. Re: When *not* to sign an e-mail message?

    Andrew Swallow wrote in
    news:dug3sj$3al$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com:


    >> PPS A different signature on my cheques than my contracts? ...or
    >> on my credit cards? ...or on my letters? ...or on my...? Gimme a
    >> break! I do not have a quiver of signatures, nor do most people.
    >> Why don't we talk about this universe rather than the parallel one
    >> you might prefer?
    >>

    > You set the level of paranoia.



    Perhaps it amuses you to be frivolous and irrelevant - but that doesn't
    mean I need indulge you in your silliness.

    Goodbye!


  17. Re: When *not* to sign an e-mail message?

    Anne & Lynn Wheeler wrote in
    news:m3mzg4e17t.fsf@lhwlinux.garlic.com:

    > "nemo_outis" writes:
    >> Handwritten and digital signatures are not equivalent
    >
    > that is along the lines of my theme about both terms containing the
    > word "signature" can result in semantic confusion; believing that
    > because both terms contain the same word that then it follows that the
    > two terms have some similarities.



    Yep, you've made a valid point that should be emphasized in such
    discussions.

    Regards,


  18. Re: When *not* to sign an e-mail message?

    nemo_outis writes:

    > No, in any western system of law, the person relying on the signature
    > (usually the recipient or beneficiary) must prove its validity (e.g., a
    > bank relying on my signature on a cheque must validate it against its
    > sample signature). If it is contested and goes to court it is the bank's
    > burden (to use my example) to satisfy the court that the signatures
    > match.


    Which is trivially easy to do, if the bank did indeed look at the
    signatures--it is sufficient to show the two signatures in court.

    > And that is precisely the point. With a traditional signature system I
    > have one and only one requirement: the performance of the positive act of
    > signing. I do not, with the traditional system, have the additional
    > burden of showing, in a dispute, that a key had somehow escaped from my
    > exclusive control.


    Yes, you do. If the signature matches the model the bank used for
    validation, you have to find a way to prove that it's not your
    signature, even though it looks the same.

    > With electronic signatures I have taken on additional burdens that do not
    > apply with traditional signatures. For instance, I now carry a burden
    > not to be negligent in my keeping the keys safe. And, if the signature
    > is disputed, it would fall on *me* to show that they had somehow leaked
    > or been compromised (e.g., I might have to show Verisign has a corrupt
    > employee). I have taken on (or rather had imposed on me) additional
    > responsibility and the need for a wider net of trust - things I don't
    > have to do the old-fashioned way.


    Still, it is trivially easy to forge a handwritten signature, whereas
    it is not feasible to forge a digital signature. The only reason
    forgery isn't orders of magnitude more common than it is is that most
    people are honest. Handwritten signatures are very easy to forge, and
    it's very hard to prove that a forged signature isn't real.

    > Handwritten signatures and their verification have many limitations and
    > flaws from a technical perspective. However, that doesn't change that
    > the primary burden of verification rests with the one relying on the
    > signature and not the other way round. That person must be able to
    > demonstrate to a competent third party (e.g., a court) that the signature
    > is valid.


    So he holds up enlargements of both and says "see, they look the
    same." Mission accomplished.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  19. Re: When *not* to sign an e-mail message?

    Andrew Swallow writes:

    > It is equivalent to a company using a rubber stamp to sign cheques.
    > Where there are a thousand people on the pay roll it is quite common for
    > the clerks to be given such rubber stamps. It saves the boss a lot of
    > writing.


    In practice, it's a check-signing machine, but your point still
    applies; indeed, with a check-signing machine, it resembles digital
    signatures even more.

    > No reversal, just harder to lie.


    Exactly. And the consequences are more severe if one is careless.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.

  20. Re: When *not* to sign an e-mail message?

    nemo_outis writes:

    > Handwritten and digital signatures are not equivalent - the reference to
    > both as "signatures" is at best an analogy, at worst a deception.


    Legally, they are identical.

    > PPS A different signature on my cheques than my contracts? ...or on my
    > credit cards? ...or on my letters? ...or on my...? Gimme a break! I do
    > not have a quiver of signatures, nor do most people. Why don't we talk
    > about this universe rather than the parallel one you might prefer?


    Why don't you refrain from personal attacks in your arguments? The ad
    hominem undermines your credibility.

    --
    Transpose mxsmanic and gmail to reach me by e-mail.
