Management of signature keys for government

[Brian Gladman]

-----Original Message-----
From: Paul Leyland <pleyland@microsoft.com>
To: 'ukcrypto@maillist.ox.ac.uk' <ukcrypto@maillist.ox.ac.uk>
Date: 02 March 1998 13:54
Subject: RE: Management of signature keys for government


>Ross wrote about personalizing cards:
>
>> It is in theory possible for keypairs to be generated locally by the
>> user. Of course, one would need something like a trustworthy terminal
>> in a public place into which a customer could insert a virgin card,
>> wait while it computed a key, then obtain from it a printed key
>> fingerprint which she could sign and present together with ID to a
>> clerk in order to get a certificate. It's unlikely that the uptake of
>> cards would be high if getting one involved so much hassle.
>
>It seems to me that he's analyzing only the cost and not the benefit of the
>process.   Consider: a very large number of people go to substantially more
>trouble than that described above so that they can obtain a passport.   If
>the benefit from obtaining a card is comparable (or even significantly
less)
>than that from obtaining a passport, the takeup will be high.
>
>Paul
>

I have not yet rejected the idea and, as you suggest, I am more interested
in this as a cost/benefit issue rather than one of principle (cost = total
cost, not just money).  If I understand Ross's position correctly, he is
against such developments as a matter of principle.

I have not made up my mind yet whether voluntary electronic identity cards
are a good or bad thing and I would certainly like to know whether they are
technically feasible in a form that is safe from a citizen's perspective.

I suspect that smartcards are not good enough for this at the moment but I
am open minded and would like to know more. However, aside from some
comments from Ross, I have not found any published material setting out UK
government plans here.

  Brian