more words on electronic commerce vs. PKIs
Nicholas Bohm
nbohm at ernest.net
Wed, 29 Apr 1998 21:05:33 +0100
At 14:16 29/04/1998 -0400, Carl Ellison wrote:
>At 01:11 PM 4/29/98 +0100, Nicholas Bohm wrote:
>>At 09:58 29/04/1998 +0100, Charles Lindsey wrote:
>>>The obvious answer in this situation is for the Law Society to become a
>>>Licensed CA, and to issue certificates to the effect that "This is the
>>>public key of X, who is a member of this society".
>>
>>It already issues Practising Certificates, and all that would have to be
>>added would be the public key of the solicitor (or the key fingerprint).
>>
>>However, nobody has ever sued the Law Society (as far as I know) for
>>issuing a certificate to the wrong person, or naming someone who isn't in
>>fact entitled to a certificate, and the prospects of acquiring a whole new
>>set of liabilities (assuming that is feared as the consequence of certifying
>>keys) may be unattractive. And the Law Society doesn't really know its
>>members "personally", or know their handwritten signatures, or do a lot of
>>cross-checking, or run very secure computer systems, etc; and it might not
>>like the cost of the measures needed to obtain accreditation. So there may
>>be some way to go.
>
>Does this mean that an unqualified CA will take over this function just
>because it has spent many legal man-hours writing a CPS that disclaims all
>liability?

This could well happen. The forthcoming EU digital signature directive,
like some US states' digital signature laws, seems likely to go out of its
way to accommodate CA liability disclaimers; no doubt on the ground that
the more weight you make a CA carry, the fewer CAs will be willing to carry
it. But, of course, the less weight a CA is willing to carry, the less
conviction will general purpose [name;key] certificates add to electronic
commerce.

Regards,
Nicholas Bohm
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Fax 01279 870215 (+44 1279 870215)
Mobile 0860 636749 (+44 860 636749)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF