Draft EU directive on electronic signatures
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue, 31 Mar 1998 17:20:21 (NZST)
Peter Dare <peter_dare@uk.ibm.com> writes:
>The European Commission has produced a draft directive on electronic
>signatures (which term includes digital signatures). If adopted by the
>Parliament and Council, the directive will require member states (MS) to pass
>laws (before 1/1/2000 ?) which have the following effect EU-wide:
>[List of generally sensible rules]
>--- All certificates must be properly formatted.
This one is going to be interesting. So far of the better-known
certificate-management tools and CA's I've only found one which doesn't produce
broken certificates in some form (Thawte)[0]. Others range from really bad
(the SWIFT CA and NIST, which the last time I looked didn't even have valid
root CA certs) down to minor stuff (encoding a few oddball fields incorrectly).
Legislating correctly functioning software would be a great boon to people who
have to write code to handle all the broken certs floating around out there.
Peter.
[0] I should mention that I haven't looked at a lot of the stuff produced by
European CA's because their certs don't seem to be generally available. If
anyone has certs from these CA's, I wouldn't mind getting copies to check.