EU DIRECTIVE ON SIGNATURES
Carl Ellison
cme at acm.org
Sat, 22 Aug 1998 07:51:59 -0700
-----BEGIN PGP SIGNED MESSAGE-----
At 09:45 AM 8/22/98 -0400, Nigel Hickson wrote:
>Colleagues
>
>For information; I attach the information DTI have just circulated to
>directive "contact" list.
>
>Nigel
>
>Attachment Converted: "C:\EUDORA\ATTACH\dirtxt.txt"
"Businesses are not likely to act on electronic orders unless they are
content as to the identity of the buyer."

Nigel,

I assume dirtxt.txt was a Mac document. Correct?

The quote above represents a stream of thought that is present in much
digital signature legislation. That line of thought has a problem.

What a business cares about is not the identity of the buyer but rather the
authority of the buyer. In a community as large as the Internet, the name
of the buyer, no matter how carefully certified, is not relevant to the
seller. The database necessary to get from that identity string to data of
interest (permission to sign purchase orders, permission to use a personal
checking account, permission to use a credit card, ...) is not only huge and
beyond the means of most sellers, it is also likely to be extremely
confidential. That database would amount to dossiers on the entire
population of the planet.

It is for this reason that the SET cardholder certificate does not contain
any name at all -- no identity string. Instead, it binds permission to use
one credit card (in the form of the PANHASH) to one public signature key.

As I am fond of summarizing this, we who do electronic commerce are not
interested in *who* the keyholder is. Rather we need to ask "*What* do we
need to know about the keyholder?" and follow that up with "*What agency* is
the authority on that piece of information?".

The first question identifies the contents of the certificate and the
second question identifies the certificate issuer. In the SET cardholder
case, for example, the issuer must be the bank that issued the credit card
in question.

From this process, in all protocols we've been able to analyze, *none* has
produced a need for a globally unique name as the thing in the certificate
and none of the issuers have turned out to be commercial CAs.

There will be a need to control some certificate issuers -- perhaps to
license them -- but as long as you define them as having the function of
binding a name string to a key, you're missing the point.

- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNd7bDhN3Wx8QwqUtAQF4bwP+KDQ59yOlpcUzPVj7dO7MBe7AGScrqG2D
g6Mfzw7bu6Y9yvm9s9av7J4203QDh1QjXYtw6hc8Tk5MRijiKGEL23rr9AyUpn1F
zW3Qt2q/o+kjzDB7yv3VKqAf4ajS26Ccnh2Iftwx5/TEURCcaFM4ETRqfGdLChFT
kVP2Ambu97s=
=Xacq
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@acm.org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
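The binding Carl describes above (a permission, the PANHASH, bound to one public signature key by the bank that issued the card, with no name anywhere in the certificate) as an added Go example; this is illustrative code written for this page, not code from the original message and not the real SET certificate format. The Ed25519 keys, the salted PAN hash, the byte encodings of the certificate and order, and the sample card number are all constructed assumptions. The seller's check answers exactly the two questions in the message: what do we need to know about the keyholder (that this key may use this card), and which agency is the authority on it (the issuing bank, so a certificate from any other signer is rejected).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// CardholderCert is a constructed, simplified SET-style cardholder certificate.
// It carries no name: it binds permission to use one card (PANHash) to one
// signing key, under the signature of the authority on that permission.
type CardholderCert struct {
	PANHash   [32]byte
	HolderKey ed25519.PublicKey
	Signature []byte // issuer signature over certBody
}

// Order names the card by PANHash so the seller can check that the
// certificate grants this card, not merely some card.
type Order struct {
	PANHash     [32]byte
	AmountCents uint32
	Description string
}

func certBody(panHash [32]byte, holder ed25519.PublicKey) []byte {
	b := []byte("cardholder-cert-v1:")
	b = append(b, panHash[:]...)
	return append(b, holder...)
}

func (o Order) bytes() []byte {
	var amt [4]byte
	binary.BigEndian.PutUint32(amt[:], o.AmountCents)
	b := []byte("order-v1:")
	b = append(b, o.PANHash[:]...)
	b = append(b, amt[:]...)
	return append(b, o.Description...)
}

// HashPAN derives a salted PANHASH (assumed construction) so the certificate
// does not disclose the card number to anyone without the salt.
func HashPAN(pan string, salt []byte) [32]byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(pan))
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// IssueCardholderCert is the issuing bank's step.
func IssueCardholderCert(bank ed25519.PrivateKey, panHash [32]byte, holder ed25519.PublicKey) CardholderCert {
	return CardholderCert{PANHash: panHash, HolderKey: holder,
		Signature: ed25519.Sign(bank, certBody(panHash, holder))}
}

// SignOrder is the cardholder's step.
func SignOrder(holder ed25519.PrivateKey, o Order) []byte {
	return ed25519.Sign(holder, o.bytes())
}

// VerifyOrder is the seller's step: it needs only the public key of the bank
// it trusts for card permissions, the certificate, the order and its
// signature. No identity string and no database of people is consulted.
func VerifyOrder(bank ed25519.PublicKey, cert CardholderCert, o Order, sig []byte) error {
	if !ed25519.Verify(bank, certBody(cert.PANHash, cert.HolderKey), cert.Signature) {
		return errors.New("certificate was not issued by the card-issuing bank")
	}
	if cert.PANHash != o.PANHash {
		return errors.New("certificate does not grant use of the card in the order")
	}
	if !ed25519.Verify(cert.HolderKey, o.bytes(), sig) {
		return errors.New("order was not signed by the certified keyholder")
	}
	return nil
}

// ScenarioResult holds the outcome of one valid order and three rejected ones.
type ScenarioResult struct {
	Valid, WrongIssuer, WrongCard, WrongKey error
}

// RunScenario uses constructed keys and a constructed sample card number.
func RunScenario() ScenarioResult {
	bankPub, bankPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, caPriv, _ := ed25519.GenerateKey(rand.Reader) // a commercial CA, not the issuer
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)

	salt := []byte("constructed-per-card-salt")
	panHash := HashPAN("4111111111111111", salt) // constructed sample PAN
	otherCard := HashPAN("5555555555554444", salt)

	cert := IssueCardholderCert(bankPriv, panHash, holderPub)
	order := Order{PANHash: panHash, AmountCents: 4999, Description: "widget"}
	var r ScenarioResult
	r.Valid = VerifyOrder(bankPub, cert, order, SignOrder(holderPriv, order))
	caCert := IssueCardholderCert(caPriv, panHash, holderPub) // right content, wrong authority
	r.WrongIssuer = VerifyOrder(bankPub, caCert, order, SignOrder(holderPriv, order))
	wrong := Order{PANHash: otherCard, AmountCents: 4999, Description: "widget"}
	r.WrongCard = VerifyOrder(bankPub, cert, wrong, SignOrder(holderPriv, wrong))
	r.WrongKey = VerifyOrder(bankPub, cert, order, SignOrder(otherPriv, order))
	return r
}

func main() {
	r := RunScenario()
	fmt.Println("valid order:      ", r.Valid)
	fmt.Println("wrong issuer:     ", r.WrongIssuer)
	fmt.Println("wrong card:       ", r.WrongCard)
	fmt.Println("wrong signing key:", r.WrongKey)
}
```

Running it prints `<nil>` for the valid order and an error for each of the other three; the certificate signed by the commercial CA fails even though its contents are correct, because that CA is not the agency that is the authority on who may use the card.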