Question to german users/ Frage an deutsche Benutzer
Wed May 28 09:31:02 2003
On Tue, 27 May 2003 23:47:30 +0200, Ingo Klöcker said:
> months. So sooner or later (most likely later) all members of the EU
> will have a corresponding law.
The EU directive is still much more relaxed than the German signature
law even after it has been adjusted to the directive. IIRC, the EU
does not demand a dedicated hardware.
> Until the first court decision declares the opposite if one of the
> parties suddenly decides not to accept OpenPGP signatures anymore.
You are free to do what you want in a contract; it should even be
possible to agree that no signature at all is required for further
contracts. OTOH, it is easier in court to prove things given using a
handwritten signature or using a well-known digital signature
protocol. If there are doubts the judge has to hear an advisor, be it
for a hadnwritten signature or a digital one.
> True. But I doubt there will ever be a qualified signature using OpenPGP
> since S/MIME is favored by the government (-> SPHINX) and because it
There is nothing in the EU directive, the German signature law (SigG)
or its bylaw (SigV) which defines a specific protocol. The RegTP
(telecomminications and postal regulation authority) merely needs to
declare the system to be in compliance to the SigV. If a RegTP
accredited CA decides to offer a OpenPGP signature card, it is very
well possible to have a qualified digital signature based on OpenPGP.
> would be too confusing if there were two competing types of qualified
Every German crypto vendor has its own idea on how to implement a
digital signature protocol. The German DINSIG specification dies not
specify every detail and as with all OSI protocols different
implementations don't work very well together.
SPHINX does not aim for SigV compliance.
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi