On Sun, Jan 30, 2011 at 07:50:30AM +0530, Binand Sethumadhavan wrote:
2011/1/26 Nitesh Mistry mailbox@mistrynitesh.net:
Even in the offline world, signing a document is usually not enough -
On the contrary it is 'usually' enough. Of how many documents that we sign, do you get them countersigned by a witness? Does that mean you do not sign a document unless there is a witness countersigning it?
I am ignoring everything else you have written (better sense prevails
- proverbs about skirmishes with the suilline and all that), but this
displays some naivete. Every non-trivial document (ie, one that is going to trigger a decision - especially financial - by a third party who is going to be held liable for that decision) you sign is authenticated by a witness, or by comparing with a signature authenticated previously. In case you have counter examples, let me know. Think of the list of documents you might have to sign - be it a cheque, a loan application, a tax return - anything - and the backend processing that happens.
Didn't I write "USUALLY"? But what you say about backend processing is exactly what pgp does. And in the light of your own arguments, my signing the messages with pgp keys is more meaningful than you just writing your name below every message. Because anybody can write any name below the message, but nobody other than me can pgp sign a message with key id A6FEF696. If you want a proof that the name mentioned on the key A6FEF696 is really Nitesh Mistry, you are always welcome to meet me and I can give all the documents in the world to prove it (and no I won't bite you ;) ).