pem-dev

Key & Signature responsibility

1993-08-03 17:00:00
Bob> On the other hand, it does not seem at all unreasonable that a
group of users could get together and agree on a common definition of
what is meant, in a legal sense, by a digital signature that appears on
a document.  Those users could agree to sign something like my Affidavit
of Legal Mark, or the companies that sponsor such efforts might form
a consortium that agrees to be bound by such signatures.

I disagree completely; this group of users could get together and decide
whatever they chose; it would have NO EFFECT on the digital signature;
that meaning will be defined in the courts.

- - -

Bob> I am troubled by Steve Kent saying that he doesn't know what it
means to be a member or affiliated with a PCA.  I also suddenly realize
that I haven't seen the word "scope" or "domain" in most of these
discussions.  Presumably, it means that that CA, and therefore that user
agrees with and promises to comply with the POLICY of that PCA.
Presumably the word comply implies some level of conformance, auditing,
or even enforcement, which implies a contract somewhere.  But if the PCA
wants to get paid for the various services it is performing, a contract
will be required in any case.

I do not expect that I will be the client of any PCA, nor do I expect to
have ANY say-so as to which PCA I will be expected to use for
certification.  You will have certain CAs which are available to you
for a certain price.  These will be associated with your company, school
or some public agency or organization.  Your choices will be EXTREMELY
limited.  You will need to use the CA which is willing to identify you
-- and I hope that they will at least insist on identifying you.  Will I
agree with the policy of the PCA?  -- If I want to keep my job or stay
in school, you bet I will have to agree -- but what will that mean?

- - -

Bob> But if a signature can be used for attribution, then something I
sign can, and almost surely does, have some degree of legal weight.  In
that case, how do I protect myself from unintended consequences?  What
protection does my correspondent have when he or she tries to understand
the context of my comments, and whether I intend to be bound by them?

Sorry Bob; if you signed it, then you signed it.  The meaning of the
signature will surely come from the document itself, and perhaps the
title (role) that you used when you signed it.

There seems to be some presumption here that the standard will define
what a signature means.  NOT VERY LIKELY.  There will be stock legal
forms just as there are today, and unless you hire a very expensive
lawyer, your signature will mean what the UCC (Commercial Code) of your
state says that it means.  That's why I raised the concern earlier about
who owned my key.  If my company owns my key, and can sign a document in
my absence, then the signature cannot be legally attributed to me.  That
may not be acceptable to such agencies as the EPA or IRS that want to
put the signer of any fraudulent document in jail.  Put that in your
policy and smoke it!


Peace ..Tom Jones
