Slashdot Mirror


Congress Moving On E-Signatures

Silas writes: "Well folks, Congress is moving along with attempts to make digital signatures legally binding for online transactions, public and private." Many pros and cons if this goes through, but I'm definitely looking forward to reducing my mail.

5 of 158 comments

  1. Post office would be perfect for this by Greyfox · · Score: 5
    The Post Office would be perfect for this job. You've got a branch office in every city in the USA (Minimum requirement to be a city anywhere in the south is that there be a Post Office and a McDonalds.) Why not implement a scheme like this:

    1) Create a key in PGP or GPG.

    2) Put the public key on a floppy and take it down to the Post office.

    3) Show them your passport or your driver's license and Social Security card and give them the floppy and $5.

    4) They put it on their LDAP keyserver, accessible at ldap.usps.gov.

    5) Anyone wanting to authenticate your identity would check there.

    You could offer some really neat features in a system like this, such as the possibility of creating arbitrarily anonymous keys for use in handle based fora or Hotmail accounts. If your key is compromised, you'd just go to the Post Office and issue a cancel certificate. Ideally there'd be limitations of liability similar to what you get with credit cards if you issue a cancel certificate in a timely fashion after discovering your keys have been potentially compromised. Especially since most computers on the net are insecure.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  2. This is an exception by / · · Score: 4

    This is one of those areas of the law where all we need is a standard to agree upon, and it doesn't matter too much what exactly that standard is. It's no more oppressive than having governments regulate what gauge the railroads use.

    --
    "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  3. This *is* a good idea by Somnus · · Score: 5
    The increases in efficiency and organization are obvious. However, people are uncomfortable with the supposed security flaws. Some issues which I consider myths:
    • It's all over if a cracker takes my private key! Well, would he/she not still need a passphrase? Just make sure passwords are not cached (this, I admit, is the weak link). Also, you can issue revocation certificates; even if someone else knows the passphrase and has your key, they cannot revoke a revocation certificate.
    • Then the government/corporation/slashdot-satan-for-today will know who I am! Yes, just like with your handwritten signature on any official document, esp. those requiring notarization.
    • My encrypted stuff can be cracked! This takes an immense amount of computer power, and most people are simply not that important. How would you encrypt things at all without computer cryptography? You could be like Richard Feynman, and create codes with your spouse to send encrypted hand-written love letters, but I personally don't have the time or mischievous inclination for that.
    • When I get a signed email from some beautiful celebrity who wants to go out with me, how do I know it's her? That's why all public keys that matter are themselves signed by authentication services, like VeriSign. For personal keys, use these services or maybe the notaries at your local banks will catch on to another money-making opportunity.
    Any disagreements? Am I missing any critical factors?


    *** Proven iconoclast, aspiring epicurean ***
  4. Beware signed EULA by c_a_moffitt · · Score: 4
    Is anybody else afraid that these digital signatures could be applied to future software EULAs giving them actual real power?

    Please digitally sign here in order to install the software that you have already opened and can no longer return. Oh, this means you have already read the 50 pages of draconian fine print with your lawyer present.

    Craig

  5. for all the nay-sayers by eries · · Score: 4
    Let's not be too negative yet. I still think this could be a really interesting step, as long as appropriate measures are made to confirm the digital signature for important transactions. Just like a bank won't give you a big loan without you coming in in person so they can verify that you're real. It would be nice if we could get a setup like current credit cards - not 100% secure but if your signature gets compromised you have pretty easy recourse to have the damage undone.

    Is that feasible? Technically? Legally?

    Want to work at Transmeta? MicronPC? Hedgefund.net? AT&T?