Re: SEIS: Re: A $25,000,000,000 PKI Was:Spec. on QC-low-fat & QC-heavy-bio

[Patrik Fältström <paf@xxxxxxxx>]

At 16.52 +0200 1999-04-08, Stefan Santesson wrote:
> I.e. You are ALWAYS responsible for signatures created by YOU and you are
> NEVER responsible for signatures created by someone else.
>
> Who owns the techiqe, keys, system, infrastructure etc. are totally
> irrelevant to this fact.
In this step, yes. BUT, the party which you, as the signer, is 
sending the signed data to, have to trust the data itself, and the 
proposed fact that you were the one sending it.

I.e. you as a signer is signing data just because you want someone 
else to trust your information.

The infrastructure, keys, system etc is something which can be used 
at a later stage (see below).

> So, last, what remains is the problem of providing strong evidence if the
> above fact is repudiated. I.e. if you deny that a signature was created as
> e result of your consious act, representing your intent.
>
> This however WILL be dependent on technique, keys, system, infrastructure etc.
>
> So when we are talking about law and technique, we are ONLY talking about
> factors which effect the EVIDENCE VALUE. Not factors that decide whether a
> signature is legal or not.
>
> ALL SIGNATURES ARE LEGAL. It's only the fact that some of them are harder
> to prove in court than others.
In legal systems like the one we have in Sweden, any party can to the 
court use any kind of evidence. In Swedish we call it "fri 
bevisprövning". I have been told, that in other legal systems, other 
rules can exist.

It is also the case that if you also have a contract between the 
parties exchanging information, or for example the party which hands 
out the keys, things get extremely complicated -- and I have not seen 
a single person being able to come with a formula for "TRUST" ever, 
and I doubt anyone will.

   paf