On Sat, 2003-09-06 at 18:56, Edmund GRIMLEY EVANS wrote: > Scott James Remnant <scott@netsplit.com>: > > > > > A signature made with a secret key that was published on Usenet can > > > > hardly be a valid proof of anything. > > > > > > In some countries like in France it's truly accepted in court like a > > > valid proof, you just have to follow some rules. I don't think the > > > France is an exception in this matter. > > > > > This is true in the UK as well. > > What is true? > > As far as know, almost anything is acceptable in a UK court as valid > proof, apart from a few stupid exceptions, such as "hearsay". > Not true, the UK has a set of rules as to what constitutes sufficient authority to be bound by the contents of a document. The Electronic Communications Act 2000 extended these to include digital signatures, such as those created by PGP, if the signer so wished it to be interpreted it that way. > It's obvious, however, that a signature made with a key that was > accidently or deliberately published cannot in itself be evidence > of anything particularly interesting. > This would be treated the same as a claim that someone forged a traditional pen signature, or copied your wax seal. Posessing a digitally signed e-mail from the author would have (under UK law) the same power as holding a written letter signed by the author. For extra security, I'd the signed e-mail witnessed and signed by a second party -- just as I'd get a written letter witness and signed by a second party. > It has been argued that the term "signature" for what GPG does was > badly chosed. It is more like a "seal". > A signature and a seal are the same thing. Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist?
Attachment:
signature.asc
Description: This is a digitally signed message part