Carl Ellison wrote:
        If you want to use cryptography for e-commerce, then IMHO you need a
contract signed on paper, enforced by normal contract law, in which one
party lists the hash of his public key (or the whole public key) and says
that s/he accepts liability for any digitally signed statement that can be
verified with that public key.

One of the things my paper discusses is that under UK law a signature on an email is just as binding as on paper, because contracts are all about intent to be bound and not the medium in which they are captured. Of course, if you want to repudiate an email it is probably easier, especially if you signed it by typing your name at the bottom (yes, this is a valid signature under UK law), but that's a judgement call on the part of the relying party.

        Any attempt to just assume that someone's acceptance of a PK
certificate amounts to that contract is extremely dangerous, and might even
be seen as an attempt to victimize a whole class of consumers.

Agreed - as I say, its all about intent and reliance. Nothing is automatic.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to