Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

<home_pw@msn.com> Thu, 11 January 2007 20:50 UTC

Message-ID: <BAY126-DAV16C2EAA4051489C106F50592B10@phx.gbl>
From: home_pw@msn.com
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
References: <200701102032.VAA12262@uw1048.wdf.sap.corp><001901c734f9$8dbbe1b0$d8ae5e41@pbo8f8e10aowa><BAY126-DAV135C98C0829F4744C4F3A992B10@phx.gbl> <20070111201034.65AEC765FE8@berkshire.machshav.com>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Date: Thu, 11 Jan 2007 12:49:56 -0800
Cc: tls@ietf.org

> On Thu, 11 Jan 2007 11:33:01 -0800
> <home_pw@msn.com> wrote:
>
>> I've lost track of the URL, but somewhere on an MSN/Microsoft site it
>> once had a click-signature mechanism. "Click the Agree button" to be
>> legally bound to something, over the SSL channel. That is not
>> particularly remarkable, of course. However, there was specific and
>> remarkable legal blurb justifying this as an "electronic signature".
>> I recall reading it, wide-eyed.

> Sure, such paper -- or such mouse clicks -- can be forged, and there
> isn't the technical attribute of non-repudiation.  If it comes to a
> court fight, you can make that argument.  You can also make the
> argument that a digital signature was forged because your key was
> stolen or your machine was hacked.
>
> In any event, your analysis and conclusions are wrong.

I thought I was commenting on the fact that (a) it claimed 
the click to be an electronic signature (versus a clickthru 
_agreement_) (b) it's a click over SSL (c) what's interesting 
is that the recordation requirement of ESIGN can only be 
being satisfied using an SSL audit trail (which is germane 
to the TLS Evidence work item proposal analysis)

I'm perfectly well aware that a digital signature is but one 
kind of electronic signature under ESIGN laws. I was wide 
eyed about the claim that it satisfied the legal definition 
of electronic signature (in the public law). Normally, folks 
allude to other legal bases, common practice about agreement 
formulation, etc. This was SPECIFIC to be claiming to 
satisfy the rules under ESIGN. You don't see this, very 
often.

http://www.ftc.gov/os/2001/06/esign7.htm

>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>