Question to german users/ Frage an deutsche Benutzer

[Werner Koch]

On Tue, 27 May 2003 23:47:30 +0200, Ingo Klöcker said:

> months. So sooner or later (most likely later) all members of the EU 
> will have a corresponding law.

The EU directive is still much more relaxed than the German signature
law even after it has been adjusted to the directive.  IIRC, the EU
does not demand a dedicated hardware.

> Until the first court decision declares the opposite if one of the 
> parties suddenly decides not to accept OpenPGP signatures anymore.

You are free to do what you want in a contract; it should even be
possible to agree that no signature at all is required for further
contracts.  OTOH, it is easier in court to prove things given using a
handwritten signature or using a well-known digital signature
protocol.  If there are doubts the judge has to hear an advisor, be it
for a hadnwritten signature or a digital one.

> True. But I doubt there will ever be a qualified signature using OpenPGP 
> since S/MIME is favored by the government (-> SPHINX) and because it 

There is nothing in the EU directive, the German signature law (SigG)
or its bylaw (SigV) which defines a specific protocol.  The RegTP
(telecomminications and postal regulation authority) merely needs to
declare the system to be in compliance to the SigV.  If a RegTP
accredited CA decides to offer a OpenPGP signature card, it is very
well possible to have a qualified digital signature based on OpenPGP.

> would be too confusing if there were two competing types of qualified 
> signatures.

Every German crypto vendor has its own idea on how to implement a
digital signature protocol.  The German DINSIG specification dies not
specify every detail and as with all OSI protocols different
implementations don't work very well together.

SPHINX does not aim for SigV compliance.


-- 
  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi