[HN Gopher] Digital signatures and how to avoid them
___________________________________________________________________
Digital signatures and how to avoid them
Author : _ikke_
Score : 53 points
Date : 2024-09-19 07:12 UTC (15 hours ago)
(HTM) web link (neilmadden.blog)
(TXT) w3m dump (neilmadden.blog)
| sandij wrote:
| This article is very relevant in the context of the EU Digital
| Identity Wallet, and digital credentials in general, such as
| ISO/IEC 18013-5 mobile driver licenses and other mdocs.
|
| We may accidentally end up with non-repudiation of attribute
| presentation, thinking that this increases assurance for the
| parties involved in a transaction. The legal framework is not
| designed for this and insufficiently protects the credential
| subject for example.
|
| Instead, the high assurance use cases should complement digital
| credentials (with plausible deniability of past presentations)
| with qualified e-signatures and e-seals. For these, the EU for
| example does provide a legal framework that protects both the
| relying party and the signer.
| moffkalast wrote:
| I mean it's not a super big deal if the EU identity private key
| leaks in some arcane attack or if someone steals it the normal
| way, you can just cancel it and order a new one like a credit
| card. It expires every two years I think anyway.
|
| This reminds me of a specific number that Americans have to
| give in plain text as proof of digital identity that they only
| get one of and can't change it ever. Lol.
| the_sleaze_ wrote:
| Well, at least you can laminate it
| sunk1st wrote:
| That doesn't matter. The claim being made by the grandparent
| post is that the legal system isn't well-equipped to deal
| with scenarios like, "yes the digital signature is valid but
| it was improperly authorized."
___________________________________________________________________
(page generated 2024-09-19 23:00 UTC)