DTI White Paper on Export Control

[Phillip Temple]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 06:58 AM 7/7/98 +0100, you wrote:
>
>What PGP does also, is to demonstrate the intellectual dishonesty of
>trying to split off digital signatures and associated guaranteeing
>functions, from encryption functions. In these matters there are
always
>mathematical complications, but in principle the one is merely the
>reverse use of sender and receivers keys. Systems which complicate
this
>seem designed merely to split off the 'nice' certification from the
>'nasty' privacy.

It is a logical division when you think about it. There is *never*
a reason for *anyone* to demand the private key for a digital
signature, including the government. If this is separated out and
allowed to continue unmolested, then ecommerce will benefit since
it will not be held back by the 'nasty' privacy issue.

The DTI can then foist the message encryption issue onto the Home
Office under the title 'national security' and pass on the hot potato,
so their motivation is clear. The question is whether the short term
benefit is worth the long term consequences?

It is true that we would then have signatures and certificates as
strong as we want, possibly with legal recognition. On the other
hand, by binding the privacy and ecommerce issues together it
then large corporations can be lobbied more successfully to support
the fight for a secure information infrastructure. Just a thought.

Phillip.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBNaH4UpZ+YpLL3HbhEQIypgCffzlK9MVnDIKlxkFcj/IKlCLqzdYAn2mC
hQ/q/Q8Y0GW2yxvyokdE4g1M
=ghhx
-----END PGP SIGNATURE-----