digitally signing contracts
mailinglisten at hauke-laging.de
Mon Oct 31 18:11:30 CET 2011
Am Sonntag, 30. Oktober 2011, 05:21:56 schrieb Eric Abrahamsen:
> Is there a general sense that this is viable (at least as viable as
> scanning and emailing contracts that have been signed with a pen)?
I think there are two points:
1) What exactly does a digital signature mean?
2) Can you prove that the signing key belongs to the person you have to sue in
case of doubt?
it is not obvious that a signature for a document means that the signer feels
bound be that document. The signature can mean "I sign all documents so that
the recipient can be sure it is from me (and unmodified)." This would not be
the same like a signature by hand below a treaty (just like a signature on the
back of a treaty paper probably would not be accepted by courts).
German signature law requires "to add the name to a document and sign it then
by a (legally) valid key". I am not sure what that means. I think of a
signature over two "files", the document and a file containing the name. But
that has its risks, too. I guess that a signature over two files is just a
signature over the combined files. So you would have to check that the
document you sign (as usual) does not "happen" to contain your name at the
end. Probably certain document formats (or rather applications) do not care
about some data behind the recognized part and do not show that data.
This just inspires me: The meaning should be obvious by the signature itself.
That is a good example for standardized signature notations. As long as the
law does not, you have to make clear what signature is required for formally
accepting a treaty (represented by a document). You could require a signature:
i_accept_this_treaty at mydomain.tld=yes. Or you require a signature by a certain
key which is used for accepting treaties only (and thus cannot accidentally
To be safe you need a treaty which makes clear the usage of digital
signatures. I just catch myself: I have made such treaties before but not
covered the problem I just described. :-)
It is a difference whether
a) you can be sure that a key belongs to a person (which is easily done by
checking the fingerprint)
b) you can prove in court that the key belongs to the person.
You either need a third party which is trusted by the courts (not your court
but the one where you have to sue the other one...) or a treaty with a hand
signature. This is easy:
"I admit to be bound by signatures by the key identified by this fingerprint
until further notice (key revocation): ..."
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users