On 30 October 2011 05:21, Eric Abrahamsen <[email protected]> wrote: > I own a small business that works with contractors all over the world, > and I'm currently scratching my head over the issue of signing > contracts. I know that gpg can/has been used to this purpose, but I > wanted to ask the list's advice. There isn't a whole lot of information > on the webs on the issue, this is the most thorough description I found: > > http://wiki.bitcoin-otc.com/wiki/GPG_Contract > > Is there a general sense that this is viable (at least as viable as > scanning and emailing contracts that have been signed with a pen)? Does > the process outlined in that webpage have any gotchas? To wit (apologies > for hackneyed "Bob and Alice"): > > 1. Bob writes a contract; the names and fingerprints of both Bob's and > Alice's PGP keys are included in the original body of the contract. > 2. Bob clearsigns the contract, sends to Alice. > 3. Alice verifies Bob's signature, then adds text *outside* of the part > of the contract signed by Bob, to the effect that she agrees to this > contract. She clearsigns the entire contract (including Bob's > signature) and sends it back to Bob. > 4. Bob verifies his own original signature, to prevent tampering. > 5. Bob verifies Alice's signature. > > Are there any technical pitfalls here? The main one that I can think of > is that this potentially reverses the incentive for verifying key > ownership -- usually you're working to prove that you *do* own a key, > whereas now you might have a reason to temporarily fake ownership of a > key you don't own (allowing you to later legally repudiate a contract). > I can't think of how that would actually play out, but it seems like > the system as a whole was not designed in this direction… > > As for the legal validity of such a process, I can do my own research, > but if anyone had anything to note, that would be appreciated!
Any help? http://www.w3.org/TR/xmldsig-core/ > > Thanks, > Eric > > > _______________________________________________ > Gnupg-users mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
