Since the same key does these two functions (signature and verification), it must be transferred from the signer to the recipient of the message. This situation can undermine confidence in the authentication of the user's identity because the symmetric key is shared between sender and recipient and therefore is no longer unique to one person. Since the symmetric key is shared between the sender and possibly many recipients, it is not private to the sender and hence has lesser value as an authentication mechanism.
- OMB, Procedures and Guidance; Implementation of the Government Paperwork Elimination Act, 65 Fed. Reg. 25508-21 (May 2, 2000) (full-text).