Digital signatures have a big problem with meaning

Wed Jun 1 13:50:04 EDT 2005

On Wednesday 01 June 2005 15:07, dan at geer.org wrote:
> Ian G writes:
>  | In the end, the digital signature was just crypto
>  | candy...
>
> On the one hand a digital signature should matter more
> the bigger the transaction that it protects.  On the
> other hand, the bigger the transaction the lower the
> probability that it is between strangers who have no
> other leverage for recourse.

Yes, indeed!  The thing about a signature is that
*it* itself - the mark on paper or the digital result
of some formula - isn't the essence of signing.

The essence of the process is something that
lawyers call "intent" (I'm definately not clear on
these words so if there are any real lawyers in
the house...).  And, when the dispute comes to
court, the process is not one of "proving the
signature" but of showing intent.

And as the transaction gets bigger, the process
of making and showing intent gets more involved,
more complex.  So it is naturally ramped up to the
transaction, in a way that digsigs just totally miss
out on.

Which means that the digital signature school
got it completely wrong.  A digital signature is
only "just one more" element in a process that
is quite complex, involved, and goes back into
history more years than we can count.  It is
therefore completely unlikely that a digsig will
ever replace all that;  however it is quite possible
that a digsig could comfortably add a new element
to that process.

(Speaking here of common law, which is not
universally applicable...)

> And, of course, proving anything by way of dueling
> experts doesn't provide much predictability in a jury
> system, e.g., OJ Simpson.

And this is where we found for example the OpenPGP
cleartext digital signature to be the only one that
has any merit.  Because it can be printed on paper,
and that piece of paper can be presented to the
jury of an O.J.Simpson style case, or even a Homer
Simpson style case, this carries weight.

An OpenPGP clear text signature carries weight
because it is there, in black and white, and no
side would dare to deny that because they know
it would be a simple matter to go to the next level.

But any other form of non-printable digital signature
is not "presentable" to a jury.  What are you going
to do? Throw a number in front of a jury and say its a
signature on another number?  It's a mental leap of
orders of magnitude more effort, and there are many
ways the "other side" could sidestep that.

iang

PS: To get this in x.509, we coded up cleartext
sigs into the x.509 format.
-- 
Advances in Financial Cryptography:
   https://www.financialcryptography.com/mt/archives/000458.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com