Re: [openpgp] Steven Mason's "Electronic Signatures in Law" now in 4th edition and FREE!

vedaal@nym.hush.com Mon, 19 December 2016 19:08 UTC

Date: Mon, 19 Dec 2016 14:08:49 -0500
To: openpgp <openpgp@ietf.org>
From: vedaal@nym.hush.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/p0FHTbp87cFsH6h4vY7yJwAMhJo>


On 12/10/2016 at 11:08 PM, "Phillip Hallam-Baker" wrote:

> Which would appear to remove the argument that we should avoid
> digital signatures because they are too difficult. It really isn't
> that difficult to see that the digital signature does not make the
> legal position any worse than it is with regular email and could if
> correctly applied make things a lot better.
>
> What we are really talking about here is not merely the creation of an
> autography but the performance of an intentional act of signing.
>
> I don't think that a regular email application or for that matter any
> general purpose communication mechanism should be used for that
> purpose. Rather, intent to sign should be expressed through a separate
> application and a key that is specific for that purpose.

=====

There is a commercial product called DocuSign:
https://www.docusign.com/

I'm not familiar with the specifics, but it seems not to have done
away with the central issue, of trusting that the signer is the real
person whose name is being signed, just as an OpenPGP signature is
not trusted unless one trusts that the signing key belongs to the
person of that name.

Just as anyone can create a PGP signing key with any name, anyone
(with the proper personal information) can create a DocuSign
key/certificate.

vedaal