Certificates Useful for Electronic Commerce?

[Brian Gladman]

From: Ben Laurie <ben@algroup.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 06 August 1999 16:26 PM
Subject: Re: The obscurity of clause 7 of the draft Bill


> Nicholas Bohm wrote:
> > I happen to doubt the significance of certificates
> > for electronic commerce;
>
> It would be interesting to hear why (and what you think can replace
> them), but not in this thread.

I think the real issue here is the definition of a 'certificate'.  If it is
an identity certificate - one that is trying to link a person's identity to
a key in some way - then I believe Nicholas is entirely right to doubt their
value.  And, since this seems to be the sort of certificate the Government
is aiming at, this does lead to a concern that the parts of the Bill dealing
with signatures will do very little for electronic commerce.

If however, a certificate confers some form of permission on a key (and/or a
key holder) then I am less doubtful and I do believe that certificates will
have uses.  However, this type of certificate will typically be issued and
verified within a context set by multiple closed two party relationships
where contracts can be used to set the conditions of use and hence avoid the
difficult issues of open third party liability.

And, of course, we do not need any legislation to validate the use of
certificates in such situations.

I can envisage potential applications for open certificates but the issues
involved in their use seem most unlikely to be resolved by the proposals set
out in the Electronic Communications Bill.

       Brian