[Cryptography] Proposal of a fair contract signing protocol

[Allen]

> Step 1: Alice formulates a contract document C, assigns to it a unique
> identifier, generates with visual cryptography a pair (X, Y), signs X
> and sends a message containing signed(Alice, X) and Y and a promise
> (a conditioned commitment) that she will sign Y in case Bob signs X and
> Y, to Bob.


As you stated previously, Alice's "promise" is enforceable in court by Bob,
so as soon as Alice sends her promise, she is bound while Bob is not, and
therefore the protocol fails any reasonable definition of "fairness".

Also note that to the extent your protocol depends on "time", i.e., that
actions must be taken within a certain time, a third party notary would be
required to certify the timestamps, since it is not possible for the
parties to do this themselves.

Finally, the protocol is still insufficiently specified IMO, in that it
does not include a clear and complete discussion of all the different
scenarios and conditions that can arise during the execution of the
protocol and how those would be handled.

I think this thread has run its course and no further discussion would be
beneficial, since no progress has been made at fixing the protocol or
addressing its shortcomings despite the many emails pointing out the
various issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160629/20db632a/attachment.html>