Question to german users/ Frage an deutsche Benutzer

Werner Koch wk@gnupg.org
Wed May 28 13:51:38 2003


On Wed, 28 May 2003 11:19:45 +0200, Matthias Mansfeld said:

> And, honestly said, in real life a handwritten signature can be 
> spoofed 1000% easier than a OpenPGP or S/MIME or whatever digital 

It is not only the signature a judge or advisor takes into account.
There is a lot more evidence, like circumstances when signing the
document, the type of paper, printed letterheads. Furthermore it is
possible to apply technical analysis to the ink and paper and compare
it with others.  And you can't automate signing documents with
handwritten signatures; thus mass attacks are not possible.

Furthermore, we know for several hundered years how to cope with
signed documents on paper, out experience with digital signature is
only a few years old if at all.

IIRC, Russ Anderson has something to say about this in his Security
Engineering book.  Get it; is a really thrilling book and a MUST for
everyone working on security.


Shalom-Salam,

   Werner


-- 
  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi