Managing Subkeys for Professional and Personal UIDs
Robert J. Hansen
rjh at sixdemonbag.org
Sun May 4 14:43:14 CEST 2014
> So why not just follow the standard practice of the trusted secretary
> signing the document himself and annotating it was signed for and on
> behalf of his boss?
Because the law says the document must bear the President's signature,
not that of a functionary acting on the President's direction.
> If the "autopen" signature looks just like the real deal then, unless
> the document is annotated to indicate it is machine-generated by
> <name>, you have described something that sounds to me like an act of
> deception.
Deception? In politics? Surely you jest. That could /never/ happen...
> I cannot think of a situation where it would be appropriate to have a
> machine fake somebody's signature, rather than have somebody else sign
> on their behalf.
This original thread started off with Daniel Kahn Gillmor saying there
were no use cases for a third party holding signing keys.
Well, there *are* use cases, as evidenced by the President's signing of
the Affordable Care Act.
And every time someone says "well, he really shouldn't," I don't know
how to read that except as an admission of "yes, there is a use case,
but no, I don't like it." In which case you're in full agreement with
me and you're just in denial about it. Yes, there is a use case, and
no, I don't like it, either... but that doesn't change the fact there's
a use case!
More information about the Gnupg-users
mailing list