PGP/MIME use

Robert J. Hansen rjh at sixdemonbag.org
Wed Feb 1 20:40:23 CET 2012


On 2/1/12 2:23 PM, Jerry wrote:
> Does your bank actually verify those signed documents?

I can't vouch for financial institutions.  I can tell you that when I
was working in electronic voting, whenever I asked questions about "do
you verify signatures?" I was always assured that yes, yes they did.
Whenever I asked, "when was the last time you had a bad signature?" I
always received an answer of either "gee, look at the time, gotta go,"
or "we've never had a bad signature on data from a real election, after
all, our systems are reliable and trustworthy."

>From the perspective of the voting authority, if they say "no we don't
check signatures" it undercuts confidence, therefore they always say
they check signatures.  If they say "yeah, we had a bad sig last week, a
byte got dropped somewhere, we re-sent the data and it was fine," that,
too, undercuts confidence: they're admitting the system isn't perfect.

I liked hearing the "Gee, look at the time, gotta go" answer.  It seemed
to be the most honest.

YMMV, and banks are definitely different beasts from voting authorities.



More information about the Gnupg-users mailing list