On Thu, 11 Jan 2007 11:33:01 -0800 <home_pw@xxxxxxx> wrote:I've lost track of the URL, but somewhere on an MSN/Microsoft site it once had a click-signature mechanism. "Click the Agree button" to be legally bound to something, over the SSL channel. That is not particularly remarkable, of course. However, there was specific and remarkable legal blurb justifying this as an "electronic signature".I recall reading it, wide-eyed.
Sure, such paper -- or such mouse clicks -- can be forged, and there isn't the technical attribute of non-repudiation. If it comes to a court fight, you can make that argument. You can also make the argument that a digital signature was forged because your key wasstolen or your machine was hacked. In any event, your analysis and conclusions are wrong.
I thought I was commenting on the fact that (a) it claimed the click to be an electronic signature (versus a clickthru _agreement_) (b) it's a click over SSL (c) whats intesting is that the recordation requirement of ESIGN can only be being satisfied using an SSL audit trail (which is germane to the TLS Evidence work item proposal analysis)
Im perfectly well aware that a digital signature is but one kind of electronic signature under ESIGN laws. I was wide eyed about the claim that it satisfied the legal definition of electronic signature (in the public law). Normally, folks allude to other legal bases, common practice about agreement formulation ,etc. This was SPECIFIC to be claiming to satisfy the rules under ESIGN. You don't see this, very often.
http://www.ftc.gov/os/2001/06/esign7.htm
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________ TLS mailing list TLS@xxxxxxxxxxxxxx https://www1.ietf.org/mailman/listinfo/tls