No Subject

[hughes@ah.com (Eric Hughes)]

   I doubt digital signatures will ever be
   used alone much for signing expensive contracts.  

Not every binding signature is on a contract.  The signature at the
bottom of a check is not signing a contract, but rather referencing a
contract between the drawer of the check and the bank whereby the bank
agrees to accept such checks.

Expect models like this to proliferate, where one physical signature
initiates the use of many digital signatures in a proper context.
Such a system could be used, for example, in a new beast called a
"contract proxy", which is the nominal end of some contract, but which
is really standing in for some other party.

Activity within a contract is not the same thing as a creating a
contract.  This is one of the very first things I learned in this
field, and I thank Mike Godwin for pointing this out to me.

   I predict it will become common practice, or even 
   law, that digitally signed contracts over a certain amount are 
   automatically invalid unless further precuations have been 
   taken (signatures of notary witnesses, or perhaps some better 
   crypto protocol designed for this purpose).

This prediction is either far too premature, since the whole technical
and le
al situation with use of digital signatures in _any_ form is
not yet well enough developed, or totally tautological, since a
digital signature as such is merely a string of bits with little other
than mathematical interpretation.  What is certain is that the social
process involved in making digital signatures useful will be far more
complicated than the software needed to make the digital signatures.

   We may yet find protocols to mitigate or limit this kind of fraud -- 
   make change traceable if linked to double spending, 

"Traceable to what?" is the real question.  One can consider systems
traceable to persons or systems traceable to security deposits, for
example.

   Reliance on law enforcement flies in the face of
   cypherpunk goals, and indeed against the goals of good cops 
   as well 

A system that requires police for its stability is externalizing part
of its security costs to the governments of jurisdiction.  The
taxpayers of such jurisdictions are subsidizing these enterprises.
And in cases where the powers of the jurisdiction are weak or
non-existent, be that by accident or design, these kinds of systems
just won't work economically.

   A protocol that treats common
   accident the same as criminal fraud, when the stakes are
   so high, is pathological.

And not only that, it requires trafficking in identity.

   [...] we may not even need to recongize fraud in online
   cash -- just treat all online double spending as accident.   
   No bonding, secured accounts, investigators, ID badges
   or cops with guns busting down Janes's door after
   Iriving has million-spent her coins.  

The economics of charging for deposit attempts clearly prevents most
double spending.  There may well, however, be an economic win for an
business which finds a way to save on clearing costs by eliminating
the deposit charge in lieu of some other notion of assurance against
abuse, like a secured account from which deposit fees are levied.

   If clearing costs are less than plausible offline cash
   fraud and fraud prevention costs, online cash is a winner,
   both now and increasingly in the future as bandwidth becomes 
   even cheaper.

I agree.  It appears to the back of my envelope that communication and
computation charges are dropping fast enough that by the time offline
smartcards are economical enough to deploy, that online systems will
be cheaper.

Eric