EU Draft Digital Signature Directive

Richard Clayton richard at turnpike.com
Fri, 28 Aug 1998 11:04:58 +0100


In article <199808280657.HAA12657@archive-1.ftel.co.uk>, Ian G Batten
<I.G.Batten@ftel.co.uk> writes

>The whole issue I'm wrestling with here, while we're contemplating using
>digital signatures for business approvals, is distinguishing between the
>signature of the chief system administrator (which passes to my deputy,
>my boss, etc, when I'm not here) and the signature of Ian G Batten in
>person (for things relating to me as an employee).  How do we stop
>people signing as the chief sysadmin who shouldn't be now, because I'm
>in, but can next week, because I'm out?  And so on.

the draft Directive does not deal with "group" signatures. The wording
specifically deals with signatures which are tied to a single person
(because they seem to believe that this is possible!)  see 2 1 c [that's
the DEFINITION of an electronic signature].

since many keys in practical use

        "Believe that I am Microsoft and, honestly, I made this DLL"
or
        "I speak for hostmaster@demon.net so please change the DNS"

are not in this category, being shared between several people (though
perhaps only accessible if several of them collude) this means (I assume
- speak up ! euro-lawyers) that the Directive as currently cast is not
going to provide for Euro-wide legal recognition of them :(

Once again we see a pattern that the State is designing keys with legal
force which will be of use to the State (which cares about having a 1-1
mapping of keys and people), and dressing it up as being "good for
business" whereas in fact commerce needs different things

-- 
richard                      richard.clayton    @    T U R N P I K E .com
 http://www.demon.net/news/features/crypto/  for Demon's views on crypto
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM
