Best practice for periodic key change?

Robert J. Hansen rjh at sixdemonbag.org
Sat May 7 23:56:37 CEST 2011


On 05/07/2011 02:49 PM, MFPA wrote:
> What is to stop that scanned bitmap of a person's signature being
> applied to a document the individual has no knowledge about?

Nothing.  That's the nature of physical signatures.

A physical signature binds tightly to the individual (handwriting being
hard to forge), but loosely to the document.

A digital signature binds loosely to the individual (certificate
repudiation being pretty easy), but tightly to the document.

This is one of the reasons why I generally dislike the way the word
"signature" gets abused in these discussions.  Comparisons to physical
signatures inevitably arise, and the two of them seem quite a bit more
dissimilar than alike.



More information about the Gnupg-users mailing list