[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reasonableness

To: BJUENEMAN@novell.com (Bob Jueneman)
Subject: Re: Reasonableness
From: Adam Shostack <adam@homeport.org>
Date: Tue, 7 Jul 1998 12:54:46 -0400 (EDT)
Cc: adam@homeport.org, cme@acm.org, spki@c2.net, egerck@laser.cps.softex.br
In-Reply-To: <s5a1f8e2.011@novell.com> from Bob Jueneman at "Jul 7, 98 10:30:31 am"
Sender: owner-spki@c2.net

Bob Jueneman wrote:

| With respect, I submit that all too often, the better is the enemy
| of the good. 

	Indeed it is.  But if we change the liability model that
customers have to deal with, we should be careful to do so in such a
way that is consensual, such that I may choose to accept risk for
convinience.  Many of the changes being put forth in society at large
(the switch to direct deposit for social security, as an example), are
requiring people change their behavior without their consent.

	If we are going to pass laws that apply to this new
technology, we should consider if the benefits of those laws are
equally distributed, or if those laws are redistributing risk for the
convinience of some parties.

	So, while the better should not prevent the good from being
built or deployed, we should ask in the case of creating a rebuttable
presumption, whose good is being served, and is that good fairly
distributed?  I don't believe that a rebuttable presumption is
justifiable at this time.

| We should not require absolute perfection as a precondition for
| using technology. We don't have perfection anywhere else, notoriously so
| in the case of written signatures, so why should this area be an exception?

	I didn't ask for perfection, I asked for a degree of
reliability and understandability equal to the technology being
replaced.  Why should we have that?  Because it changes the burden of
risk, and it does so by passing a law, rather than having the parties
agree to the change.

| That doesn't mean that we should be sloppy in the creation and use of the 
| technology, nor does it mean tthat we should be either draconian or laissez faire
| in our approach to the law.
| 
| It means that we should be willing to take some modest risks in the 
| expectation of modest gains. I don't expect digital sigantures to completely
| revolutionize electronic commerce (what ever THAT is), and certainly not 
| overnight.

	I agree, but creating a rebuttable presumption is not, and I'm
not a lawyer so I may be off-base, but its not a modest change.  This
is largely due to the need for an expert to understand how to go about
rebutting that presumption and the likelyhood that crucial data will
not be archived, or not archived in a form that is valid as evidence.
So the change to a rebuttable presumption that a signature is valid
moves the responsibility from us to the customer.

	I struggle with the question of is this a sufficient good that
we shouldn't employ its failings to prevent it?


	This may have wandered off base for the SPKI list.  I see SPKI
as a durn useful tool for building computer security applications,
with no presumption of anything behind them, so I'll offer you the
last word, and respond in private.

Adam


| But as an example of what people are willing to put up with, last weekend I took
| my wife to the Snowbird ski resort, just to walk around and ride the tram to the top.
| I happened to look at the fine print on the tram ticket, which clearly states that
| anyone who uses the ticket, no mattter how acquired (i.e., even if you stole it, and 
| hence they had no contractual relationship to you), you agree to waive any and 
| all claims for personal injury, DEATH, or property damage, EVEN IF SUSTAINED
| THROUGH THE NEGLIGENCE OR OTHER FAULT OF SNOWBIRD!!!
| 
| Good luck trying to enforce that, says I.  I'd love to see what kind of a CPS they would
| write!
| 
| Bob
| 
| >Bob Jueneman wrote:
| >
| >| There are really three separate issues here:
| >| 
| >| 1.  Under what circumstances should a digital signature be rebuttably
| >| presumed to be valid?
| >
| >	When the software used to produce it comes with a warranty.
| >
| >	I believe Carl's point to be that grandma can not be relied on
| >to understand the technology.  I've been mulling this, and am not sure
| >that it matters.  (My thought experiment has been, should we hold Bob
| >to a higher standard of proof because he clearly understands the
| >issues?  The answer I arrive at is that we should not, in part because
| >even Bob is unlikely to be able to ensure that his understanding of
| >what the software is doing is reflective of reality.  By ensure, I
| >mean be roughly as confident in his answer about his digital signature
| >software as he is about his physical checkbook.)
| >
| >Adam
| >
| >
| >-- 
| >"It is seldom that liberty of any kind is lost all at once."
| >					               -Hume
| >
| >
| 
| 
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Prev by Date: Re: Reasonableness
Next by Date: RE: RE: RE: Final Year Thesis : SPKI
Prev by thread: Re: Reasonableness
Next by thread: Re: Digital Signature laws
Index(es):
- Main
- Thread