EU Draft Digital Signature Directive

David Swarbrick David at swarb.demon.co.uk
Thu, 20 Aug 1998 12:01:54 +0100


In message <35DBDC35.8501214C@cs.ucl.ac.uk>, Ian Brown
<I.Brown@cs.ucl.ac.uk> writes

>More generally, what due diligence do you take before dealing with a
>company you have never come across before (electronically *or* physically)?
>I might look for membership of a trade association, ask contacts if they
>have dealt with this firm before...
>
>I suppose I could ring up Companies House and check a company of that name
>exists... This could be facilitated online by certificates. But, I want to
>know more than simply that a company exists. There are already many cowboy
>firms out there that are perfectly legitimately registered as firms, and
>would qualify under any scheme you could devise for certifying a name->key
>binding.
>
>The general point is that you usually build up a business relationship with
>a company before spending large amounts of money with them, or have other
>assurances (like ABTA or an advert in a reputable magazine), or pass the
>risk to others (VISA).

I suspect that fundamental issues as to the nature of identity on-line
will have to be answered. Communication with pals is ok, but surely the
point of public key encryption is that more becomes possible. It just
may be that the overheads of key management will always make general
secure communication impractical. If so, Nigel's 'prompters' can sleep
soundly, knowing that only crooks, terrorists, and paedophiles will
_actually_ ever make regular use of encryption, and irrespective of what
regulations exist.

-- 
David Swarbrick, Solicitor  
http://www.swarb.co.uk/ (office)  'a damn fine web-site'
http://www.swarb.demon.co.uk (home)