- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Wed, 02 Nov 2011 12:02:24 -0400
- To: Web Payments <public-webpayments@w3.org>
Hi all,

We've had a number of teleconferences where the thought of using digital signatures in the solution has been brought into question. That is, the proposal has been put forward that a complete subset of the system be implemented such that no digital signatures are necessary. The primary thrust of the argument against digital signatures is that they're difficult to implement and the requirement of digital signatures may reduce the likelihood of adoption of the payment standard.

I agree that digital signatures are more difficult to implement than not having them and I also agree that it may decrease the likelihood of adoption. That said, there are a number of reasons that we would like to propose the use of digital signatures:

* Decentralized Design
* Independent Verifiability
* Legally Enforceable via Legislation
* Secrecy
* Data Portability

Decentralized Design
--------------------

Let's start from an ideal scenario - ideally, PaySwarm would be completely decentralized. That is, a single person could play the part of bank, transaction processor, and account holder. That is, you are beholden to no-one when it comes to managing your money. Additionally, all assets that can be transacted on the network can be expressed /anywhere/ on the web and the ownership claim of that asset can be traced back to the person making the claim. So, centralization in both of these cases is a bad thing.

But how does one make claims on the Web, across multiple websites, in a way that is secure and resistant to forgeries? Typically, one leans on digital signatures to do this. I know of no other way, other than centralizing the asset listing service and/or centralizing the banking service, to accomplish this. So, if we are going to hope for a decentralized design, we must depend on digital signatures or come up with an alternate technology to achieve this goal.

Independent Verifiability
-------------------------

Digital signatures allow for independent verifiability of claims. That is, how do you know if a particular set of claims were actually made by the person that the message says it is from? Keep in mind that using a centralized service could achieve this goal, but then you have to hand over the ability to understand a lie from the truth to a 3rd party. That's not necessarily bad, if you trust the 3rd party, but that 3rd party will probably end up using digital signatures anyway. So, in order to verify the sender of messages - you need some sort of digital signature.

Legally Enforceable via Legislation
-----------------------------------

Contracts bearing digital signatures are legally enforceable in many industrialized nations. The argument has been made that courts don't care about this detail, rather focusing on the intent behind the transaction. While that is true to a certain degree, having a legally binding contract isn't a terrible thing to start out from, especially if the system needs digital signatures anyway as a part of its standard operating protocol. Also, if we hope for this system to be usable by business, being able to say "This contract is legally enforceable in the USA via the ESIGN act of 2000" is better than not being able to say that. The knowledge that a contract has signatures on it that can be traced back to a business or individual is a strong incentive for people to behave and not get to the point where they're in a court of law disputing a contract. That is, without a digital signature on a contract - I can always claim that the contract was forged and I never agreed to the transaction.

Secrecy
-------

If we implement Public/Private Key digital signatures, we get encryption for free, and we need that anyway to ensure the protection of messages as they travel across the system. To come at it from the other direction, we certainly need to protect messages flying across the network while also ensuring that site owners don't have to spend $30/year for an SSL certificate. That is, we need to have the ability to send encrypted data over regular HTTP connections. So, if we need that and we implement that... we have all of the tooling required for digital signatures.

Data Portability
----------------

Being able to move all of your money, account information, receipts, etc. from one place to the next requires that each digital contract, receipt, account information, etc. is portable from one system to the next. That is, you don't necessarily want to trust the person holding on to your data to verify that the data is valid. You want your financial history to look the same regardless of where it is stored. The validity of a digital contract / receipt should be asserted by the people that took part in the transaction, not purely a 3rd party. Additionally, if digital signatures are not provided, and you port your data across more than 1 system, you lose the history of who made the claim.

There are more reasons to support digital signatures, but I'll stop here and see what the feedback is on the arguments above. Keep in mind that a response with "we don't need digital signatures" will still need to address the issues above or define a subset of the system that those on the list feel is appropriate to implement without digital signatures.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Standardizing Payment Links - Why Online Tipping has Failed
http://manu.sporny.org/2011/payment-links/
Received on Wednesday, 2 November 2011 16:03:04 UTC