Text of (original) draft EU DIGITAL SIGNATURE DIRECTIVE
Brian Gladman
gladman at seven77.demon.co.uk
Fri, 3 Apr 1998 15:10:28 +0100
From: Nicholas Bohm <nbohm@ernest.net>
To: ukcrypto@maillist.ox.ac.uk <ukcrypto@maillist.ox.ac.uk>
Date: 03 April 1998 09:29
Subject: Re: Text of (original) draft EU DIGITAL SIGNATURE DIRECTIVE
<material deleted>
>>1. "electronic signature" means a process which indicates the signatory's
>>electronic approval of the content of data and which meets the following
>>requirements:
<material deleted>
>>2. "digital signature" means an electronic signature which uses an asymmetric
>>cryptographic technique such that a person having the signatory's public key
>>can determine whether:
>
>The nomenclature seems absurd: all electronic signatures are digital. And
>is it right that although RSA keys are asymmetric, DH keys are symmetric?
>If so, this definition inappropriately favours a particular technical
>solution.
Using the terms as defined in this directive, any form of signature that is
not based on an asymmetric cryptographic technique is electronic but not
digital. I guess that this would allow, for example, electronic recording
of biometric signatures as 'electronic signatures'.

The terms symmetric and asymmetric can be confusing. When used to describe
algorithms these terms are generally used to distinguish between algorithms
which use the same key for encryption and decryption (symmetric) and those
which involve a public encryption key and a private decryption key
(asymmetric). In DH the algorithm is an asymmetric key negotiation
algorithm leading to a symmetric key!

In fact the RSA algorithm offers either encryption or signature capabilities
directly whereas DH, in raw form, offers neither of these. The mathematical
technique employed in DH can, however, be specialised for such purposes.
<material deleted>
>>Article 3 -- Legal effects
>>
>>1. Member States shall ensure that with respect to data authenticated by means
>>of an electronic signature provided by an accredited certification service
>>provider it is presumed that:
>
>It is inconsistent with definition 1(c) above for the signature to be
>provided by the service provider, not the signatory. And this provision is
>objectionable as tending to promote the validity of certified signatures
>without giving proper support to uncertified signatures which have
>nevertheless been accepted by the parties to a transaction. This tends to
>entrench the need (otherwise much exaggerated) for certification services.
>This in turn provides a ready-made infrastructure for the imposition of
>"key escrow" requirements.
Yes, this wording looks badly flawed - the CSP provides the certificate not
the signature but this clause confuses this. The whole document seems to be
based on the presumption that digital signatures require endorsement through
some form of certification service in order to be valid. This does not make
sense since this is only one possible way of developing trust in a signature
(and certainly ***not*** the best).
<material deleted>
Brian Gladman
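
The point made in the message above, that DH is an asymmetric negotiation ending in a symmetric key while the same mathematics can be specialised for signing, shown as an added example (not part of the original message or the directive). The choice of a Schnorr signature as the specialisation, the function names and the group parameters are assumptions of this example; the parameters are constructed and far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group (insecure size): p = 2q + 1, g = 4 has prime order q.
P, Q, G = 2039, 1019, 4

def keypair():
    """Private exponent x and public value y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def dh_shared_key(own_private, peer_public):
    """Raw DH: each side computes g^(ab) and hashes it into a symmetric key.
    Nothing here encrypts or signs; the output is the same key for both."""
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(2, "big")).digest()

def _challenge(r, message):
    """Hash the commitment r and the message down to an exponent mod q."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q

def schnorr_sign(x, message):
    """The same discrete-log setting specialised to signing with private x."""
    k = secrets.randbelow(Q - 1) + 1      # fresh nonce for every signature
    r = pow(G, k, P)
    e = _challenge(r, message)
    s = (k + x * e) % Q
    return e, s

def schnorr_verify(y, message, sig):
    """A holder of public y recomputes r = g^s * y^(-e) and checks the hash."""
    e, s = sig
    r = (pow(G, s, P) * pow(y, Q - e, P)) % P   # y^(-e) == y^(q-e), y has order q
    return _challenge(r, message) == e

if __name__ == "__main__":
    a, A = keypair()
    b, B = keypair()
    print("same symmetric key:", dh_shared_key(a, B) == dh_shared_key(b, A))
    sig = schnorr_sign(a, b"constructed sample message")
    print("signature verifies:", schnorr_verify(A, b"constructed sample message", sig))
```
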