Signature verification problem

Anthony E. Greene agreene@pobox.com
Fri Aug 9 12:37:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08-Aug-2002/13:36 -0400, Anton Stiglic <astiglic@okiok.com> wrote:

>The thing is that if Alice first encrypts the message under Bob's public
>key, Alice has no control over how Bob's public key was created, and Bob
>could later on change his public key in a way that the ciphertext Alice
>signed decrypts to a different message, thus if Alice signs the
>ciphertext you cannot assume that Alice has any knowledge of the data she
>actually signed.

And if she signs the plain text, how do you know that she has any knowledge
of the data she actually signed?

Signing is an affirmative act. The signature does not mean that the
person actually knows what they are signing, but only that they are
willing to assume responsibility for knowing. Whether they actually know
or not is not relevant to the legal responsibility for the signature.
(U.S. case law)

Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05    HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <mailto:agreene@pobox.com> 0x6C94239D

iD8DBQE9U5t0pCpg3WyUI50RAkKxAKCq8gmGn7fcRR7uhTi5h08a9dS0YwCfVXBn
4kYyx9ZqeBEDeSbVTujg+qI=
=eCxj
-----END PGP SIGNATURE-----
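The key-substitution concern quoted in the message above, worked through with toy textbook RSA. This is an added example, not part of the original post. The keys are tiny constructed values with no padding, integers stand in for messages, the replacement modulus is a single prime so the exponent can be found by exhaustive search, and all function names are hypothetical.

```python
from math import gcd

# Constructed toy keys: textbook RSA, no padding, tiny primes (illustration only).
BOB_PUB, BOB_PRIV = (3233, 17), (3233, 2753)   # n = 61 * 53
ALICE_N, ALICE_E = 8633, 5                     # n = 89 * 97
ALICE_D = pow(ALICE_E, -1, 88 * 96)

def is_prime(n):
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)

def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)

def sign(value):
    # Alice signs an integer smaller than ALICE_N.
    return pow(value, ALICE_D, ALICE_N)

def verify(value, sig):
    return pow(sig, ALICE_E, ALICE_N) == value

def replacement_key(c, target, limit=20000):
    """Find a prime modulus p > c and exponents (e, d) with c**d % p == target."""
    for p in range(c + 1, limit):
        if not is_prime(p):
            continue
        x = 1
        for d in range(1, p - 1):
            x = x * c % p
            # d must be invertible mod p-1 so a matching public exponent exists.
            if x == target and gcd(d, p - 1) == 1:
                return (p, pow(d, -1, p - 1)), (p, d)
    return None

def demo(m=65, other=66):
    c = encrypt(m, BOB_PUB)
    sig_over_ct = sign(c)                      # encrypt first, then sign
    new_pub, new_priv = replacement_key(c, other)
    return {
        "sig_still_valid": verify(c, sig_over_ct),
        "old_key_plaintext": decrypt(c, BOB_PRIV),
        "new_key_plaintext": decrypt(c, new_priv),
        # A signature made over the plaintext does not carry over to `other`.
        "sig_over_plaintext_covers_other": verify(other, sign(m)),
    }
```

The signature over the ciphertext verifies under either of Bob's keys because it covers only the ciphertext bytes, while a signature over the plaintext fails for any other message.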