From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: 72d0077dbc549240be55cc6da1a7dd3d956ce68ec83cdd4c82c12faa507f2374
Message ID: <9310250455.AA06984@longs.lance.colostate.edu>
Reply To: N/A
UTC Datetime: 1993-10-25 04:58:48 UTC
Raw Date: Sun, 24 Oct 93 21:58:48 PDT
From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Sun, 24 Oct 93 21:58:48 PDT
To: cypherpunks@toad.com
Subject: on the term `signature'
Message-ID: <9310250455.AA06984@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain
Consider the term `signature' in the conventional connotation of a
handwritten scrawl. What are the *critical* properties of a handwritten
signature of a person [x]?
1) no person [y] can `forge' the signature of [x]
2) the signature of [x] is unique to [x]
Look closely at (2). What value would `signatures' have in our society
if they could not be traced to unique individuals? Virtually everyone
here will probably say `no problem' but this aspect is a very critical
aspect of the legal basis for signatures as a certificate of identity.
If a person cannot be traced based on their digital signatures, where
is the accountability? What if a person signs a document with a
`digital signature' and *breaks* that contract? you have no recourse
unless the identity is ultimately identifiable and you can take `that
body' to court.
This `two way street' is the crucial ingredient for the legal value of
handwritten signatures. A person can indicate they consent to an
agreement or certify something as genuine originating from themselves
(one way). But on the other hand, if the agreement is broken or there
is some question of authenticity *independent* of the signature (i.e.,
suppose someone has broken the signature security) there is recourse in
retracing the path back to the original signer (the other way).
Many here are championing that the loss of (2) with `digital
signatures' and completely untracable identities is `liberating'. But
there is a price to pay, perhaps very great. It is simply an unworkable
system anywhere serious accountability is required (such as related to
a job, etc.) Sure, if all people want to do is get into twisted debate
contests, the absence of (2) certainly encourages it (speaking from experience).
Because digital signatures alone are not really strictly analogous to
written signatures because of the lack of property (2) above, perhaps a
better term would be `identification tag'. Adding the guarantee that a
given signature can be traced back to a human entity, with the use of a
database or otherwise, makes them truly `digital signatures'.
please cc: me in any replies.
Return to October 1993
Return to “rjc@gnu.ai.mit.edu (Ray)”