On 12/10/2016 at 11:08 PM, "Phillip Hallam-Baker" wrote:
Which would appear to remove the argument that we should avoid
digital signatures because they are too difficult. It really isn't
that difficult to see that the digital signature does not make the
legal position any worse than it is with regular email and could if
correctly applied make things a lot better.
What we are really talking about here is not merely the creation of an
autography but the performance of an intentional act of signing.
I don't think that a regular email application or for that matter any
general purpose communication mechanism should be used for that
purpose. Rather, intent to sign should be expressed through a separate
application and a key that is specific for that purpose.
=====
There is a commercial product called Docusign
https://www.docusign.com/
I'm not familiar with the specifics, but it seems not to have done
away with the central issue, of trusting that the signer is the real
person whose name is being signed, just as an open-pgp signature is
not trusted unless one trusts that the signing key belongs to the
person of that name.
Just as anyone can create a pgp signing key with any name, anyone
(with the proper personal information) can create a Docusign
key/certificate.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp