-----BEGIN PGP SIGNED MESSAGE-----
Guess who forgot to sign his own message... d'oh! :-)
On Thu, 11 Jun 1998, Jon Knight wrote:
> On Wed, 10 Jun 1998, Mr C A Rusbridge wrote:
> > To me this seems to imply that the UK Copyright requirement that ILL
> > request forms must be signed in writing would need to be extended (or
> > would perhaps automatically be extended) to include electronic signatures.
> > It's not clear how liberal an interpretation is required of electronic
> > signatures; is this restricted to strong technologies like certificates,
> > or will a username/password or borrower-id/PIN combination be acceptable?
>
> A username/password or borrower-id/PIN by itself is not a digital
> signature. These are merely (pretty poor) authentication tokens (better
> would be smart card based challenge/responses or biometric information
> such as a retinal scan, fingerprint, DNA signature, etc). Whilst such
> (usually secret) tokens may be involved in the creation of a digital
> signature, the signature itself should really include some information
> about the information that is being signed.
>
> For example, when I send this message I will sign it using PGP. PGP asks
> for my secret pass phrase but that isn't what appears in the signature.
> What you see instead is an output of a cryptographic mechanism that was run
> over the text of this message and "unlocked" using my secret password. If
> you're running PGP and have my public key on your keyring, your PGP code
> can then take the public key and this message and check that the signature
> was created with:
>
> a) my private key, as unlocked by my secret passphrase,
>
> b) the message that you received.
>
> The idea of the digital signature is after all non-repudiation; I can't
> say that I didn't sign this message at some later date because I should be
> the only person who knows my secret passphrase to unlock my private key.
> Of course if Mr Cracker intercepts your passphrase or cracks the
> public-key-crypto, etc, the digital signature isn't worth the electrons
> it's printed on. If it's going to be used legally you'll get involved with
> proving that people did/didn't (depending on which side you're on!) have
> their private key compromised in some way. But that's just the same as
> proving Chris Rusbridge didn't sign that £1,000,000 check that seemed
> to bear his signature that I just paid into my bank account... ;-) ;-)
>
> Tatty bye,
>
> Jim'll
>
> #!/usr/bin/perl -- -Whois++-client-in-6-lines-of-Perl -Beat-that-Z39.50!
> use IO::Socket;sub w{$f=shift;$a{$f}=1;($h,$p,$q)=split("/",$f);$s=
> IO::Socket::INET->new(PeerAddr=>"$h:$p")||return;print $s "$q\r\n";while(<$s>)
> {next if(/^%/);if(/^# SERVER-TO-ASK/){while(<$s>){$x=$1 if/Name: (.*)\r\n$/;$y
> =$1 if/Port: (.*)\r\n$/;$f="$x/$y/$q";@j=(@j,$f)if(/^# END/&&!$a{$f})}}else{
> print}}close($s)}@j=shift;while(@j){w(pop(@j))}# whois++.pl host/port/query
>
>
Tatty bye,
Jim'll
#!/usr/bin/perl -- -Whois++-client-in-6-lines-of-Perl -Beat-that-Z39.50!
use IO::Socket;sub w{$f=shift;$a{$f}=1;($h,$p,$q)=split("/",$f);$s=
IO::Socket::INET->new(PeerAddr=>"$h:$p")||return;print $s "$q\r\n";while(<$s>)
{next if(/^%/);if(/^# SERVER-TO-ASK/){while(<$s>){$x=$1 if/Name: (.*)\r\n$/;$y
=$1 if/Port: (.*)\r\n$/;$f="$x/$y/$q";@j=(@j,$f)if(/^# END/&&!$a{$f})}}else{
print}}close($s)}@j=shift;while(@j){w(pop(@j))}# whois++.pl host/port/query
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBNX/4MIGEIhRfyt1ZAQEzTAP/W2TYNfHuXUPHzgzi8Y9DescTpU6c7vRe
BOHEWY1fG2FbJeIf52edQScRYCuAWuSLPsffQmdNEj594A4o2LmaGsdEcjXgKJ2l
jhLEs7jwfnINnjjACnwHyFZzPEOU21Mz19OoI7OHRj0MSCZVDtMp8ZUHJteA39In
TzMtAeBcrUo=
=y3wG
-----END PGP SIGNATURE-----
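
The distinction drawn in the message above, as an added example that is not part of the original e-mail: a signature is computed over the text being signed and checked with the public key alone, while a borrower-id/PIN check never looks at the request. The toy RSA key, passphrase, PIN and request text are all constructed for illustration, and the unpadded scheme is an assumption made for brevity, not how PGP formats signatures.

```python
import hashlib
import hmac

# Constructed toy RSA key from two Mersenne primes: unpadded and far too
# small for real use, it only illustrates the mechanism.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
D_LEN = (N.bit_length() + 7) // 8

def _mask(passphrase):
    # Passphrase-derived mask that locks the private exponent at rest.
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 10_000, D_LEN)
    return int.from_bytes(raw, "big")

LOCKED_D = D ^ _mask("correct horse")  # what sits on disk (constructed passphrase)

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message, passphrase):
    d = LOCKED_D ^ _mask(passphrase)   # the passphrase only unlocks the key
    return pow(digest(message), d, N)  # the signature depends on the message

def verify(message, signature):
    # Needs only the public key (N, E) and the message as received.
    return pow(signature, E, N) == digest(message)

# Borrower-id/PIN check (constructed values): the request text plays no part.
STORED = hashlib.sha256(b"1234:4321").hexdigest()

def pin_accepts(request, borrower_id, pin):
    token = hashlib.sha256(f"{borrower_id}:{pin}".encode()).hexdigest()
    return hmac.compare_digest(token, STORED)

def demo():
    request = b"ILL request: constructed article, borrower 1234"
    altered = request.replace(b"constructed article", b"a different article")
    sig = sign(request, "correct horse")
    return {
        "sig_genuine": verify(request, sig),
        "sig_altered": verify(altered, sig),
        "sig_wrong_passphrase": verify(request, sign(request, "guess")),
        "pin_genuine": pin_accepts(request, "1234", "4321"),
        "pin_altered": pin_accepts(altered, "1234", "4321"),
    }

if __name__ == "__main__":
    print(demo())
```

The PIN check accepts the altered request just as readily as the genuine one, which is why it authenticates a person but signs nothing.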