[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cypherpunk Certification Authority
So far, everybody on the net has discussed the fun part(s) of the CA issue.
The techies talk about protocol, encryption ... in short the real FUN stuff. I have enjoyed diverging
opinions of some of the participants. Many make excellent points and have taught me more than I
ever dreamed to learn.
Lawyers are already making money and preparing for the future :-) Some lawyers argue about
liabilities and drool over new laws being proposed all over the country by other lawyers to
guarantee future lawsuits. Another lawyer does not believe CAs are an option and make a good
buck selling books to prove it (Electronic Commerce Law-Ben Wright squire) another publishes
the American Bar Association CA liabilities, names it draft of the digital signature
guidelines and goes to work for Verisign (CA? DS? UH?).
I can keep talking about good stuff that has happen in the last few months for about everyone
interested in the last frontier (the electronic one) and its trading posts (electronic commerce), but
the fact is that there are no CAs in full production yet. Yeah! Verisign is around .... Santa Clara. Of
course I have other choices (Did I say great choices?) like Cost in Sweden and at one time
EuroCert in England was advertising on the net.
I have been asking myself ... WHY? I can't accept the standard response: Fear to liability! Granted
that the liability factor is important but my gut feeling tells me that's not the whole story. The
hardware and the software is out there (I haven't commented on the quality of this stuff!). I thought
that several companies who have indicated interest have all it takes to make a successfull CA but
nobody seem to move reasonably fast.
Is it possible that the process of issuing and maintaining a certificate is so complex and expensive? I
think that MITRE did a study for NIST and they came-up with a cost of $800 per year per federal
employee to maintain and administer a Federal CA.
PS I want to thank Robert Hettinga for his excellent work promoting the principles of the
Cypherpunks, and for diseminating critical information that helps shape the corporate world for a
better electronic future.
Juan Rodriguez i Torrent