Most Security Policies are geared towards preventing hacker-vandals. However, impersonator-hackers can be more insidious. How do you ensure that a third-party cannot forge your online signature and commit you to an un-wanted obligation? Conversely, how do you ensure that a third party cannot renege on an agreement that is favorable to you by claiming that their online signature was forged?

This presentation: (1) summarizes the fundamental issues (Is an electronic contract worth the bandwidth it's written on? What exactly is a digital signature? How does it differ from an electronic signature? Are they legally binding?); (2) examines digital signing from both a person-to-machine and a machine-to-machine ("M2M") perspective; and (3) suggests a practical approach to legal-security in each case.