Digital signing in a browser? No thanks!

Many online facilities are implemented in terms of a web service. Although that is certainly a convenient interface for interaction with desktop users, there are some applications that require a more solid approach. If anything, digital signing at least should be done in a much more controllable environment, such as a mailer.

If you think of the powers that can be unleashed in a web browser, all at the discretion of the website being visited, it is hard to believe that anything done in it can ever be secure. Java applets can pop up anything they please, JavaScript can manipulate more of your browser than you want to know, closed locks are not always the locks that you think they are, and URLs can be disguised in extremely clever schemes.

On top of all this featured openness, there is the problem that browsers are generally programmed in a sort of 'frivolous mood' in which features outrank security. They simply have to adopt too many technologies, and the rat race is just too exhausting to remain fully conscious of boring show-stoppers like security. We have all heard at least one of the horror stories about IE, haven't we?

There is a definite advantage to browsers, namely that they can guide a visitor through a process. Of course every website has its own process, so it is always a surprise what the next step will be, but the guidance makes it fairly doable even for novices. But if I need to sign for something, and stand for what I sign, I prefer to learn a fixed procedure once and use it in the same way for times to come. In other words, for digital signing I cannot appreciate the pedantic and site-dependent processes that websites bring.

Let's look at the obvious alternative, namely the other tool that the whole world is using. Email can also be equipped with a digital signature, and it is not even hard to use. While composing an email, I can read and change the text at my own pace, and it suffices to toggle a checkbox 'sign upon sending' to arrange the formalities of digital signing. I expect the mail tool to prompt me for the password that unlocks the private key used for signing, in the standard way for that mail tool. And I know that no programs or scripts from remote sources will be running, provided I selected my mail tool with care to exclude those unnecessary features.

In short, signing mail means that you are in control of what you sign, and the process is always the same. Setting it up is somewhat dreadful, but not more than setting up certificates in a web browser. Once installed, it is a matter of clicking the right button to get the email signed. And another one to encrypt it so only a recipient can read it.

An advantage of digitally signed input is that companies can automatically process legally validated records and incorporate them in their internal processes. In other words, there will be applications that require sending 'properly formatted' documents to mail robots. This can be done very practically by sending a form to fill out over email, asking the recipient to reply to it and fill in the blanks. It will take a somewhat smart robot to make sense of the reply without getting stranded in vagueness that could be defeated in court. It should probably strip reply-specific layout and look up values from in between square brackets, or something like that.
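As an added illustration of such a mail robot (example code, not from the original post or from OpenFortress): it parses a multipart/signed reply with Python's standard `email` module, takes only the part that the signature covers, strips reply quoting, reads the values between square brackets, and refuses replies that are unsigned, left blank, or give a field twice with different values, so that nothing vague reaches the internal process. The sample messages, field names and addresses are constructed, and the signature part is a placeholder; cryptographic verification of the signature is assumed to have been done beforehand by the mail tool or a PGP/S-MIME verifier.

```python
import email
import re
from email import policy

# Constructed form definition: the labels the robot sent out as "Label: []" blanks.
FORM_FIELDS = ("Name", "Quantity", "Product")

# Reply quoting ('> ', '>> ') that mail tools prepend to the original text.
QUOTE_PREFIX = re.compile(r"^\s*(?:>\s?)+")
# A filled-in blank: "Label: [value]" on a line of its own.
FIELD_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9 _-]*?)\s*:\s*\[(.*?)\]\s*$")


def make_signed_reply(body: str) -> bytes:
    # Constructed multipart/signed envelope; the signature is a placeholder and is
    # assumed to have been checked by a real PGP/S-MIME verifier before parsing.
    return (
        "From: alice@example.invalid\n"
        "To: form-robot@example.invalid\n"
        "Subject: Re: Order form\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/signed; protocol="application/pgp-signature"; '
        'boundary="sig"\n\n'
        "--sig\n"
        "Content-Type: text/plain; charset=utf-8\n\n"
        f"{body}\n"
        "--sig\n"
        "Content-Type: application/pgp-signature\n\n"
        "-----BEGIN PGP SIGNATURE-----\n"
        "(constructed placeholder, not a real signature)\n"
        "-----END PGP SIGNATURE-----\n"
        "--sig--\n"
    ).encode()


def signed_body(raw: bytes) -> str:
    """Return only the text that the signature covers; reject anything else."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("reply is not a multipart/signed message")
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError("multipart/signed must carry exactly a body and a signature")
    body = parts[0]  # RFC 1847: first part is the signed content, second the signature
    if body.get_content_type() != "text/plain":
        raise ValueError("signed body is not plain text")
    return body.get_content()


def strip_reply_layout(text: str) -> list:
    """Drop reply quoting and blank lines, keeping the remaining lines in order."""
    lines = []
    for line in text.splitlines():
        line = QUOTE_PREFIX.sub("", line).strip()
        if line:
            lines.append(line)
    return lines


def extract_fields(lines, expected=FORM_FIELDS) -> dict:
    """Read "Label: [value]" lines; refuse blank, missing or contradictory fields."""
    found = {}
    for line in lines:
        m = FIELD_LINE.match(line)
        if not m:
            continue  # free text around the form is ignored, never interpreted
        label, value = m.group(1), m.group(2).strip()
        if label not in expected:
            continue
        if label in found and found[label] != value:
            raise ValueError(f"field {label!r} given twice with different values")
        found[label] = value
    missing = [f for f in expected if not found.get(f)]
    if missing:
        raise ValueError(f"fields left blank or missing: {missing}")
    return found


def process_reply(raw: bytes, expected=FORM_FIELDS) -> dict:
    """Robot step: signed part only -> unquoted lines -> validated fields."""
    return extract_fields(strip_reply_layout(signed_body(raw)), expected)


def reply_is_acceptable(raw: bytes) -> bool:
    """True when the reply would be accepted for automatic processing."""
    try:
        process_reply(raw)
        return True
    except ValueError:
        return False


# Constructed sample replies: one clean, one contradictory, one unsigned.
GOOD_REPLY = make_signed_reply(
    "> Please fill in the blanks and reply to this message.\n>\n"
    "> Name: [Alice Example]\n> Quantity: [12]\n> Product: [widget]\n\nThanks, Alice"
)
AMBIGUOUS_REPLY = make_signed_reply(
    "> Name: [Alice Example]\n> Quantity: [12]\n> Product: [widget]\n\nQuantity: [15]"
)
UNSIGNED_REPLY = (
    b"From: mallory@example.invalid\nTo: form-robot@example.invalid\n"
    b"Subject: Re: Order form\nContent-Type: text/plain\n\n"
    b"Name: [Mallory]\nQuantity: [1]\nProduct: [widget]\n"
)

if __name__ == "__main__":
    print(process_reply(GOOD_REPLY))
    for name, raw in (("ambiguous", AMBIGUOUS_REPLY), ("unsigned", UNSIGNED_REPLY)):
        print(name, "accepted" if reply_is_acceptable(raw) else "rejected")
```

The point of taking `parts[0]` rather than the whole message is that headers and anything outside the multipart/signed body are not covered by the signature and must not feed the decision; what the robot archives afterwards is the raw message bytes, not the extracted fields, since only the original carries the signature.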

For legal reasons, it is probably necessary to keep a copy of all signed information submitted to the mail robot. Luckily, there is a very suitable mechanism for storing email, namely a simple mailbox. Also note that the sender of the signed email has the choice to keep a copy for local reference. This is the way paper signatures also work, and the close resemblance makes it much simpler for novices to understand than any web-guided process could be.

Is this issue merely technical? I bet it is not. I cannot see any judge or jury decide in favour of a web-based digital signature, for the reasons given above. What this means is that the grounds for relying on such digital signatures are weak. On the other hand, a self-controlled process such as one's own mail tool is much more likely to be considered reliable technology by judges and juries alike.

Posted on Sat, 08 Jan 2005, 22:22.


OpenFortress