Re: Secure Authentication
-----BEGIN PGP SIGNED MESSAGE-----
At 01:26 PM 6/27/97 -0700, Eric Murray wrote:
>And another question is should government be involved at all?
>My answer to that is no, not for the setting of CA policy.
[CA is Certification Authority]
While I wholeheartedly and forcefully agree with Eric's sentiment, the
business reality is that the gov't will be involved in setting CA policy. If
for no other reason, simply because CA's will be used by the gov't. Even
from a hands-off, pro-business viewpoint, few CA's will ignore the wishes of
their largest customer, the gov't.
The gov't will be involved in CA policy for several reasons. I'll lightly
glance on some of them.
* Beeps and chirps. Signatures on paper have legal meaning. This is why
there is a push to use digital signatures - to give them legal meaning.
While contract law can be somewhat applied to this concept, many would agree
that official acknowledgement of digital signatures is a key element of using
digital signatures in commerce. A recent case in Georgia's supreme court
ruled that electronic messages were beeps and chirps, and had no legal status
as a "writing". The law continually refers to signatures and writings.
There must be a law, or interpretation of law to allow for this to be updated
to electronic writings. Even if mutual consent could be used between
corporations, as the state moves to the cost savings of electronic commerce
the state will have to impose laws to enable itself to take advantage of
these technologies.
At 01:26 PM 6/27/97 -0700, Eric Murray wrote:
>The biggest problem with CAs and the law is legal liability. The liability
>of being a CA is currently unknown until there is case law on the topic.
* Resolving legal liability. Some of the proposed laws for enabling digital
signature technology do in fact solve the liability problem for CA's by
legislating it out as long as the CA performs due diligence. To enforce due
diligence, some laws also provide for government auditing of CA procedures
and for injunctive relief to shut down a "rogue" Certification Authority.
A copy of one such overly bureaucratic 22 page Certification Authority law
can be found at http://www.efga.org/digsig/lawdraft.html. This is the
original draft of Georgia's Digital Signature law. This draft was thrown out
and rewritten from scratch to form a much better law (assuming any law can
be good).
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQBVAwUBM7YF00GpGhRXg5NZAQGnEAH+JRioBgJi2UIK1SkBBtaACNHCsd6nYbyU
Q5/57jni0VV1AejCK7tOCFN1KfPe43dKlnsplBrO+spBf7Lt9j90Mw==
=pAgj
-----END PGP SIGNATURE-----
-- Robert Costner Phone: (770) 512-8746
Electronic Frontiers Georgia mailto:[email protected]
http://www.efga.org/ run PGP 5.0 for my public key