Best practice for periodic key change?

[Jerome Baum]

On Sun, May 8, 2011 at 03:13, Jerome Baum <jerome at jeromebaum.com> wrote:

> On Sat, May 7, 2011 at 23:56, Robert J. Hansen <rjh at sixdemonbag.org>wrote:
>
>> On 05/07/2011 02:49 PM, MFPA wrote:
>> > What is to stop that scanned bitmap of a person's signature being
>> > applied to a document the individual has no knowledge about?
>>
>> Nothing.  That's the nature of physical signatures.
>
>
> I was talking about a digital signature though.
>
> MFPA: I agree about the signature being very weak. I am just repeating what
> German law says. This is from some brochure brought out by the BSI. It's
> also quite a right interpretation -- they aren't assigning much strength to
> it, it's what we have advanced and qualified electronic signatures for. The
> bitmap scan is still digital though, and it is a signature. So, it is an
> electronic signature. Makes sense, just don't accept it in court.
>

You realized you might be referring to the "binding" part. As I like to
repeat, every statement of intent is binding. Signatures are just a kind of
documentation, and as I said, it's not very strong documentation.

"I offer you 10 dollars if you give me 10 euros, and this is valid for two
days from now." -- that statement of intent is legally binding (or it would
be, if I were being serious). You can hold me to that. The problem is, you
won't have much evidence I really made that statement and you'd have a hard
time dragging me to court for this anyway. That doesn't make the statement
less binding. Exceptions are found e.g. for home purchases, which AFAIK over
here need to be documented in writing/on paper.

-- 
Jerome Baum

tel +49-1578-8434336
email jerome at jeromebaum.com
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110508/cf4c0be4/attachment.htm>