
The willingness or need to enforce seems to correlate with the measures a company requires you to take on signing.

* TOS - a simple checkbox - or even just a "continue button"
* Moderately large purchase - type your name
* Larger purchase - draw your name
* Major contract - use this widely recognized signature flow




It's like how you have to type a whole word into a box to delete a repo on GitHub.


That's really just a defense against deleting the wrong repo. If you're typing in the whole repo name, including the account it's under, you're very likely to know which repo you are deleting when you hit the button. (Consider the horror scenario where you both own an org repo and have a personal fork, and you mean to delete your personal fork but delete the main repo instead.)


Signing something, in the same way, is a defense against someone claiming that they really didn't mean it.


Life-or-death contract - write out 2048-bit DSA private key from memory; no, you cannot import a key file instead


The moment you write out the private key it's no longer secure. Anyone who sees it (and has a good enough memory) could copy the key to another contract.

You'd need to perform the DSA algorithm in your head on the content of the contract, using your memorized private key, and write out the resulting signature block.



