From: rjc@gnu.ai.mit.edu
To: owen@autodesk.com (D. Owen Rowley)
Message Hash: 553cb1c0798447cba60402e38da069faf42c3fe71582b3e0f86e806be2184db9
Message ID: <9310260106.AA03681@kropotkin.gnu.ai.mit.edu>
Reply To: <9310251918.AA26068@lux.YP.acad>
UTC Datetime: 1993-10-26 01:10:09 UTC
Raw Date: Mon, 25 Oct 93 18:10:09 PDT
Subject: Re: on the term `signature'
MIME-Version: 1.0
Content-Type: text/plain

D. Owen Rowley writes:
>
> > From: rjc@gnu.ai.mit.edu (Ray)
>
> > L. Detweiler () writes:
> > > Consider the term `signature' in the conventional connotation of a
> > > handwritten scrawl. What are the *critical* properties of a handwritten
> > > signature of a person [x]?
> > >
> > > 1) no person [y] can `forge' the signature of [x]
> > > 2) the signature of [x] is unique to [x]
>
> > Well (2) is untrue since I know people who can forge signatures with
> > great precision (even my own).
>
> However if they forged your name on one of your checks, you wouldn't
> take such a blase attitude to it would you?

First, they'd need to be able to get one of my checks, which if they were
digital, would be as hard as getting my private key. If you're going to
allow for private keys to be stolen, you may as well forget about crypto.
It's like saying "what if someone stole cash out of your wallet, how would
you find them and prosecute them." Cash is already relatively untraceable so
your argument against crypto is irrelevant. (unless you also want to make
an argument against coins/dollars)

> And in such a case you have an opportunity to prosecute them for
> their criminal act of forgery should you be able to prove it.

If someone steals one of your checks and forges a signature, how the hell
are you going to catch them anyway? Unless you knew a check was stolen
(in which case you'd notify the bank), your situation is hopeless. Likewise,
with digital signatures, if someone gets your private key, you simply
issue a cancellation of the key and notify the digibank. The first time
someone attempts to forge a signature (on a digicheck) and cash it, the
bank nabs them.

I make the claim that current checks can be forged by an intelligent criminal
more easily than a digital one could.

> Digital signature systems need to include the ability to track and
> successfully prosecute criminal
> forgery, or digital signatures are worthless for transactions
> that require reliable accountability.
> IMNSHO

How do you forge a digital signature without having the private key of your
victim? I think you are overlooking the obvious. I'd like to hear what
your version of accountability means. Digital Cash systems protect the
honest man, and only reveal an identity if you are dishonest. Detweiler's
argument sounds like he wants an escrow-like system whereby if a forgery
is detected, you get a search warrant and the issuing authority reveals
your true name. If this is the case (identity being protected by the
trust of an escrow, not mathematical security), Detweiler has no right to
oppose clipper also.

> What makes you think that the bleak vision of the future reflected in your
> satire above isn't exactly what the typical power/control-freak government
> types want to impose?

I also think it is the eventual future that "risk-free" freaks want to
impose. In order to eliminate the possibility of pseudospoofing on
the net you need Draconian measures. I think the level of accountability of
any person should depend on the type of transaction he is engaging in and
what the other person demands. In other words, it's a private matter. The
average level of accountability will arise out of the sum of all those
private transactions -- spontaneous order.

However, unlike Detweiler, I think both accountability, privacy, and
pseudonyms are compatible. I don't see any need to bring someone's True
Name into it.

> > > If a person cannot be traced based on their digital signatures, where
> > > is the accountability? What if a person signs a document with a
> > > `digital signature' and *breaks* that contract? you have no recourse
> > > unless the identity is ultimately identifiable and you can take `that
> > > body' to court.
>
> > Get a clue for god's sake. Digital signatures won't exist in a vacuum.
> > No one is going to accept the validity of a signature unless it is signed by
> > some trusted/certified authority and that authority would be liable for the
> > person's true name or actions.
>
> right, so where are the systems that certify trust and authenticity?

Well, for starters there is PGP. Then there's the Apple/RSA thingy which
requires notarized documents.

-- Ray Cromwell | Engineering is the implementation of science; --
-- EE/Math Student | politics is the implementation of faith. --
-- rjc@gnu.ai.mit.edu | - Zetetic Commentaries --
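
Added example, not part of the original message: a minimal sketch of the key-cancellation flow described above, where the bank checks both the signature and a revocation list before paying a digicheck. The DigiBank class, key_id fingerprint and the toy RSA key are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed toy key: textbook RSA over two small Mersenne primes.
# Illustration only; real systems use a vetted library and padded signatures.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: what a thief would steal

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, d: int = D) -> int:
    return pow(digest(message), d, N)

def key_id(n: int, e: int) -> str:
    # Short fingerprint the bank uses to name a public key (assumed scheme).
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]

class DigiBank:
    """Hypothetical bank: pays a check only if the signature verifies
    and the signing key has not been cancelled by its owner."""

    def __init__(self):
        self.accounts = {}    # key_id -> (n, e)
        self.revoked = set()  # key_ids cancelled by their owners
        self.alerts = []      # presentations made with a cancelled key

    def register(self, n: int, e: int) -> str:
        kid = key_id(n, e)
        self.accounts[kid] = (n, e)
        return kid

    def revoke(self, kid: str) -> None:
        self.revoked.add(kid)

    def cash(self, kid: str, check: bytes, signature: int) -> str:
        if kid not in self.accounts:
            return "unknown key"
        n, e = self.accounts[kid]
        if pow(signature, e, n) != digest(check):
            return "bad signature"       # forgery without the private key
        if kid in self.revoked:
            self.alerts.append((kid, check))
            return "revoked key"         # valid signature, stolen key
        return "paid"
```

Cancellation only protects against checks presented after the revocation has reached the bank; anything signed with the stolen key and cashed before that point still verifies.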