On Wed, 10 Jun 1998, Mr C A Rusbridge wrote:
> To me this seems to imply that the UK Copyright requirement that ILL
> request forms must be signed in writing would need to be extended (or
> would perhaps automatically be extended) to include electronic signatures.
> It's not clear how liberal an interpretation is required of electronic
> signatures; is this restricted to strong technologies like certificates,
> or will a username/password or borrower-id/PIN combination be acceptable?
A username/password or borrower-id/PIN by itself is not a digital
signature. These are merely (pretty poor) authentication tokens (better
would be smart card based challenge/responses or biometric information
such as a retinal scan, fingerprint, DNA signature, etc). Whilst such
(usually secret) tokens may be involved in the creation of a digital
signature, the signature itself should really include some information
about the information that is being signed.
For example, when I send this message I will sign it using PGP. PGP asks
for my secret pass phrase but that isn't what appears in the signature.
What you see instead is an output of a cryptographic mechanism that was run
over the text of this message and "unlocked" using my secret password. If
you're running PGP and have my public key on your keyring, your PGP code
can then take the public key and this message and check that the signature
was created with:
a) my private key, as unlocked by my secret passphrase,
b) the message that you received.
The idea of the digital signature is after all non-repudiation; I can't
say that I didn't sign this message at some later date because I should be
the only person who knows my secret passphrase to unlock my private key.
Of course if Mr Cracker intercepts your passphrase or cracks the
public-key-crypto, etc, the digital signature isn't worth the electrons
it's printed on. If it's going to be used legally you'll get involved with
proving that people did/didn't (depending on which side you're on!) have
their private key compromised in some way. But that's just the same as
proving Chris Rusbridge didn't sign that £1,000,000 check that seemed
to bear his signature that I just paid into my bank account... ;-) ;-)
Tatty bye,
Jim'll
#!/usr/bin/perl -- -Whois++-client-in-6-lines-of-Perl -Beat-that-Z39.50!
use IO::Socket;sub w{$f=shift;$a{$f}=1;($h,$p,$q)=split("/",$f);$s=
IO::Socket::INET->new(PeerAddr=>"$h:$p")||return;print $s "$q\r\n";while(<$s>)
{next if(/^%/);if(/^# SERVER-TO-ASK/){while(<$s>){$x=$1 if/Name: (.*)\r\n$/;$y
=$1 if/Port: (.*)\r\n$/;$f="$x/$y/$q";@j=(@j,$f)if(/^# END/&&!$a{$f})}}else{
print}}close($s)}@j=shift;while(@j){w(pop(@j))}# whois++.pl host/port/query
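
An added illustration, not part of the original message, of the distinction drawn above: a borrower-id/PIN check never looks at the request text, while a signature is computed over it and fails if the text changes. It uses a toy textbook-RSA key built from two small Mersenne primes, not PGP's own mechanism; the key, passphrase, borrower record and request text are all constructed for the example.

```python
import hashlib
import hmac

# Toy textbook-RSA key, constructed for this example: two Mersenne primes,
# no padding. Far too weak for real use; it only shows the mechanics.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

# Stand-in for a passphrase-protected private key: only a hash of the
# (constructed) passphrase is kept, and D is usable only when it matches.
PASSPHRASE_HASH = hashlib.sha256(b"constructed pass phrase").digest()
# Constructed borrower record for the PIN comparison.
BORROWERS = {"B1234": "4711"}


def _digest(message: bytes) -> int:
    """Hash the message and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, passphrase: bytes) -> int:
    """The passphrase unlocks the key; the output depends on the message."""
    supplied = hashlib.sha256(passphrase).digest()
    if not hmac.compare_digest(supplied, PASSPHRASE_HASH):
        raise PermissionError("wrong passphrase, private key stays locked")
    return pow(_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check message and signature."""
    return pow(signature, E, N) == _digest(message)


def pin_accepts(message: bytes, borrower_id: str, pin: str) -> bool:
    """A borrower-id/PIN check never looks at the message at all."""
    return hmac.compare_digest(BORROWERS.get(borrower_id, ""), pin)


if __name__ == "__main__":
    request = b"ILL request: one copy of article X for borrower B1234"
    altered = b"ILL request: ten copies of article X for borrower B1234"
    sig = sign(request, b"constructed pass phrase")
    print("signature verifies on original:", verify(request, sig))
    print("signature verifies on altered: ", verify(altered, sig))
    print("PIN accepted with altered text:", pin_accepts(altered, "B1234", "4711"))
```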