Anders, >[...] >Personally, I think denial of digital signatures if you have local >receipts will practically never happen. Also I consider fraudulent >signatures as a less important problem than fraudulent authentications as >transactions often can be reversed, but authentication can't. I.e. if you >got "classified" information in your (fraudulent) hands you got it.
>cheers, >Anders I'm not sure. At least here in Europe we had "phantom transactions" at ATMs. Reasons I remember have been eavesdropping of PINs, maintenance errors, fake ATMs, etc. Today, it is hard to tell between somebody whose ATM-PIN was attacked, and somebody who only claims that his PIN was attacked. I think we have to anticipate that log-in procedures into signature systems may also be attacked. Actually the difference between using a local signature implementation in a networked office-PC and using a server-based one may be small - the user doesn't really control either system. But on the server-based system, by definition other people have control of the password. And not all transactions can easily be reversed, in particular not money transations. Kind regards Arnd ----- Original Message ----- From: "Clara Centeno" <[EMAIL PROTECTED]> To: "Gary W. Fresen" <[EMAIL PROTECTED]>; "Weber, Arnd" <[EMAIL PROTECTED]> Cc: "'Anders Rundgren '" <[EMAIL PROTECTED]>; "''internet-payments ' '" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, April 23, 2002 11:16 Subject: Re: AW: Digital signatures in Finland Dear Anders, Arnd and Gary, I attended last October a presentation from the lawyer Bensoussan (Paris, 2001) who was defending that, at least during the introduction phases, digital signatures will have a legal disadvantage compared to hand-written signatures. This is due to the fact that the validity of electronic signatures has to be proved when brought to court as proof, i.e. the link between the signatory and the text signed has to be proved as well as the unaltered storage from the moment of creation until brought to court. This requirement together with the general lack of familiarity with such digital proofs in court, will create the legal disadvantage. I would be interested to know your view Regards, Clara (ePSO-team) P.S. ePSO, the electronic Payment Systems Observatory, published a report in Nov 2001 on the potential of PKI and digital signatures for securing retail payments that may be of your interest, located at: http://epso.jrc.es/Docs/Backgrnd-6.pdf. The report questions the adequacy or timing of digital signatures to secure retail payments in the short term and explores the potential synergies of a co-operation between the private and the public sectors in the area of PKI and digital signatures. ___________________________________________ Clara Centeno e-Payment Systems Observatory (ePSO) Institute for Prospective Technological Studies DG JRC - European Commission Tel : +34 95 4488 352 Fax : +34 95 4488 208 e-mail : [EMAIL PROTECTED] web: http://epso.jrc.es