Best practice for periodic key change?
Robert J. Hansen
rjh at sixdemonbag.org
Sat May 7 23:56:37 CEST 2011
On 05/07/2011 02:49 PM, MFPA wrote:
> What is to stop that scanned bitmap of a person's signature being
> applied to a document the individual has no knowledge about?
Nothing. That's the nature of physical signatures.
A physical signature binds tightly to the individual (handwriting being
hard to forge), but loosely to the document.
A digital signature binds loosely to the individual (certificate
repudiation being pretty easy), but tightly to the document.
This is one of the reasons why I generally dislike the way the word
"signature" gets abused in these discussions. Comparisons to physical
signatures inevitably arise, and the two of them seem quite a bit more
dissimilar than alike.
More information about the Gnupg-users