Electronic writing, signatures

[Ben Laurie]

Nicholas Bohm wrote:
> 
> The Law Commission has published its advice to the Government on the need
> for reform of the law to accommodate electronic writing and electronic
> signatures.

I notice that in 3.31 they include mention of CAs w.r.t. digital
signatures:

"By using a public key encryption system involving a certification
authority a
digital signature can give a high level of assurance that an electronic
communication has been sent by the person possessing the ‘private key’;
that it
came from a particular individual; and that it was not changed en
route."

This seems to me to be entirely inappropriate and only serves to put
barriers in the way of alternatives to CA based PKI. Although a CA is
one way of validating the private key, it is far from being the only (or
even the best) way to do it, particularly given the well-known avoidance
of liability CAs practice.

Are they interested in feedback at all?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff