From ld231782 Sun Oct 24 22:56:04 1993 Return-Path: Received: from jenkins.lance.colostate.edu by longs.lance.colostate.edu (5.65/lance.1.5) id AA06984; Sun, 24 Oct 93 22:55:58 -0600 Message-Id: <9310250455.AA06984@longs.lance.colostate.edu> To: cypherpunks@toad.com Cc: ld231782 Subject: on the term `signature' Date: Sun, 24 Oct 93 22:55:57 -0600 From: "L. Detweiler" X-Mts: smtp Consider the term `signature' in the conventional connotation of a handwritten scrawl. What are the *critical* properties of a handwritten signature of a person [x]? 1) no person [y] can `forge' the signature of [x] 2) the signature of [x] is unique to [x] Look closely at (2). What value would `signatures' have in our society if they could not be traced to unique individuals? Virtually everyone here will probably say `no problem' but this aspect is a very critical aspect of the legal basis for signatures as a certificate of identity. If a person cannot be traced based on their digital signatures, where is the accountability? What if a person signs a document with a `digital signature' and *breaks* that contract? you have no recourse unless the identity is ultimately identifiable and you can take `that body' to court. This `two way street' is the crucial ingredient for the legal value of handwritten signatures. A person can indicate they consent to an agreement or certify something as genuine originating from themselves (one way). But on the other hand, if the agreement is broken or there is some question of authenticity *independent* of the signature (i.e., suppose someone has broken the signature security) there is recourse in retracing the path back to the original signer (the other way). Many here are championing that the loss of (2) with `digital signatures' and completely untracable identities is `liberating'. But there is a price to pay, perhaps very great. It is simply an unworkable system anywhere serious accountability is required (such as related to a job, etc.) Sure, if all people want to do is get into twisted debate contests, the absence of (2) certainly encourages it (speaking from experience). Because digital signatures alone are not really strictly analogous to written signatures because of the lack of property (2) above, perhaps a better term would be `identification tag'. Adding the guarantee that a given signature can be traced back to a human entity, with the use of a database or otherwise, makes them truly `digital signatures'. please cc: me in any replies.