On Thursday 31 May 2007 09:50, Oliver Frank wrote: > > 1. You know who wrote it > > 2. You know that is not corrupted > > 3. You know when it was written > > 4. You do not need to store a paper copy > > 5. It actually does allow real paperless communication > > The last two points have nothing to do with digital signing.
and you don't know #3 either - all you can say that after you received it, the sender cannot change the timestamp on the document any more. #1 is strictly only valid if the key was never out of the hands of the owner, which is not given with HeSA generated keys #2 regarding accidental (as opposed to deliberate) corruption is also doable without digital signatures (by appending a simple checksum, or encrypting w/o signing) So it looks like all points 1-5 don't hold water if we look close enough. Don't get the wrong impression - I am still in favour of digital signatures, I have been practising them for more than a decade myself - but we have to do it right. Not this crazy idea of *mandatory* third party generated "private" keys, and not this crazy idea of mandating proprietary technology and problematic hardware drivers. Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
