Re: [E-CARM] PKI, CAs, TTPs &c.

["Bob Jueneman" <BJUENEMAN@novell.com>]

Carl,

>By holographic signatures, do you mean handwritten signatures?
>
>An observation by Matt Blaze seems appropriate here:
>
>digital signatures are bound tightly to the signed document and only loosely 
>to the signer
>
>handwritten signatures are bound tightly to the signer and only loosely to 
>the signed document

Although there is a grain of truth in the above, it is just a grain. 

Most handwritten signatures aren't even legible, and might as well 
be a "chop". That's why most documents require you to print or type 
your name, in addition to signing. So a handwritten signature is only very loosely
bound to the signer's identity.

As to whether the handwritten signature is bound to the signer's persona,
that is a metter that can only be judged by a so-called "expert" in handwriting
analysis. yedt there is some reason to believe that these experts may 
do no better job distinguishing between a forgery and a genuine signature than 
the ordinary lay person.

And as Ed Gerck has pointed out in another context, lasers can be used 
to remove an ink signature without a trace, even if it was appended to every 
page, and even if it weren't possible to amend the text of a printed 
document without detection.

So handwritten signatures are bound only very loosely (less than 50% confidence)
to the signer, and even more loosely to the signed document.

Therefore, commerce as we know it today is impossible, because 
the technology upon which it rests is insecure. :-)

bob

---

Follow-Ups:

• Matt's observation
• From: Carl Ellison <cme@Cybercash.COM>

---

• Prev by Date: Re: [E-CARM] PKI, CAs, TTPs &c.
• Next by Date: Re: [E-CARM] PKI, CAs, TTPs &c.
• Prev by thread: Re: chops
• Next by thread: Matt's observation
• Index(es):
  • Main
  • Thread