Am Sonntag, 30. Oktober 2011, 05:21:56 schrieb Eric Abrahamsen: > Is there a general sense that this is viable (at least as viable as > scanning and emailing contracts that have been signed with a pen)?
I think there are two points: 1) What exactly does a digital signature mean? 2) Can you prove that the signing key belongs to the person you have to sue in case of doubt? to 1): it is not obvious that a signature for a document means that the signer feels bound be that document. The signature can mean "I sign all documents so that the recipient can be sure it is from me (and unmodified)." This would not be the same like a signature by hand below a treaty (just like a signature on the back of a treaty paper probably would not be accepted by courts). German signature law requires "to add the name to a document and sign it then by a (legally) valid key". I am not sure what that means. I think of a signature over two "files", the document and a file containing the name. But that has its risks, too. I guess that a signature over two files is just a signature over the combined files. So you would have to check that the document you sign (as usual) does not "happen" to contain your name at the end. Probably certain document formats (or rather applications) do not care about some data behind the recognized part and do not show that data. This just inspires me: The meaning should be obvious by the signature itself. That is a good example for standardized signature notations. As long as the law does not, you have to make clear what signature is required for formally accepting a treaty (represented by a document). You could require a signature: [email protected]=yes. Or you require a signature by a certain key which is used for accepting treaties only (and thus cannot accidentally create signatures). To be safe you need a treaty which makes clear the usage of digital signatures. I just catch myself: I have made such treaties before but not covered the problem I just described. :-) to 2): It is a difference whether a) you can be sure that a key belongs to a person (which is easily done by checking the fingerprint) b) you can prove in court that the key belongs to the person. You either need a third party which is trusted by the courts (not your court but the one where you have to sue the other one...) or a treaty with a hand signature. This is easy: "I admit to be bound by signatures by the key identified by this fingerprint until further notice (key revocation): ..." Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
