The Current State of Use — Legal and Practical
All digital signature schemes share the following basic prerequisites, regardless of cryptographic theory or legal provision:
- Quality algorithms
  - Some public-key algorithms are known to be insecure, practical attacks against them having been discovered.
- Quality implementations
  - An implementation of a good algorithm (or protocol) that contains mistakes will not work.
- The private key must remain private
  - If it becomes known to any other party, that party can produce perfect digital signatures of anything whatsoever.
- The public key owner must be verifiable
  - A public key associated with Bob actually came from Bob. This is commonly done using a public key infrastructure (PKI), and the association between public key and user is attested by the operator of the PKI (called a certificate authority). For 'open' PKIs in which anyone can request such an attestation (universally embodied in a cryptographically protected identity certificate), the possibility of mistaken attestation is nontrivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents. 'Closed' PKI systems are more expensive, but less easily subverted in this way.
- Users (and their software) must carry out the signature protocol properly.
Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some enactments have not reflected this actuality.
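As an added illustration (not part of the original text), the Python example below uses toy, unpadded RSA to show why the key-secrecy and key-ownership conditions matter: verification proves only which private key produced a signature, while the signer's name comes from whatever key the directory attests. The `directory` lookup, the `OTHER` party, the sample message and all key values are assumptions constructed for the example, and the toy RSA is not suitable for real use.

```python
import hashlib

# Toy RSA over constructed Mersenne-prime keys, no padding: illustration only.
def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv["n"]), priv["d"], priv["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(msg, pub["n"])

def verify_as(directory, name, msg, sig):
    """Accept msg as signed by `name`, using whatever key the directory attests."""
    pub = directory.get(name)
    return pub is not None and verify(pub, msg, sig)

BOB = make_key(2**61 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**127 - 1)   # hypothetical second party
MSG = b"I agree to the contract terms."    # constructed sample message

def scenarios():
    good_dir = {"bob": public(BOB)}        # correct attestation
    bad_dir = {"bob": public(OTHER)}       # mistaken attestation: wrong key bound to Bob
    leaked = dict(BOB)                     # a copy of Bob's private key held by someone else
    return {
        "bob_signs_good_dir": verify_as(good_dir, "bob", MSG, sign(BOB, MSG)),
        "other_signs_good_dir": verify_as(good_dir, "bob", MSG, sign(OTHER, MSG)),
        "other_signs_bad_dir": verify_as(bad_dir, "bob", MSG, sign(OTHER, MSG)),
        "bob_signs_bad_dir": verify_as(bad_dir, "bob", MSG, sign(BOB, MSG)),
        "leaked_key_same_sig": sign(leaked, MSG) == sign(BOB, MSG),
        "tampered_msg": verify_as(good_dir, "bob", MSG + b"!", sign(BOB, MSG)),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

With the mistaken directory, the other party's signature is accepted as Bob's and Bob's genuine signature is rejected, and a signature made with a copied private key is identical to Bob's own; the mathematics verifies correctly in every case, so neither failure is detectable from the signature alone.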
Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah in the United States, followed closely by the states of Massachusetts and California. Other countries have also passed statutes or issued regulations in this area, and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures has lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, and similar questions of what the engineering is attempting to provide.
- See also: ABA digital signature guidelines