[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: PKI-TC Action Item in Preparation
Dear list, In spite of the EU signature directive, originally issued 1993, digital signatures in the nowadays ubiquitous web- environment is still a "solution-provider" thing. A remedy is though in preparation: http://w1.181.telia.com/~u18116613/onlinesigstdprop.ppt In case anybody in this list aware of any similar effort, I would be most interested to get in touch with those. Only defining what is in-scope and what is out-of-scope turned out to be a daunting task, as on-line signatures have essentially not been researched at all. One common view is that "Windows is like a virus, so to use Windows is out-of-scope". Regardless of what one think of Windows, I believe this view is principally wrong as operating system integrity is a generic problem, not more related to digital signatures than storing confidential information or performing other mission-critical operations. Another view is that "On-line signatures are for protecting users against fraudulent merchants". This also seems to be principally wrong. A signature essentially has no "value" except for the "receiver" as a "sender" may create anything on his/her own making the sender's copy invalid as an evidence. That is, on-line signatures are mainly intended to protect service providers from fraudulent users, which though in turn indirectly protects the legitimate users as well. The addition of a "signature procedure" hopefully makes users less suspectible to accept signature requests without first actually looking at the content. cheers Anders Rundgren
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]