Security Track

Updated: 26 March, 1999

The Law and Digital Certificates

The Law and Digital Signatures - harmonizing national and international laws to provide a framework for electronic commerce

Building a Public Key Infrastructure (PKI) is seen as a prerequisite for the development of electronic commerce and the Security Program Group has made substantial progress in defining some of the key building blocks: CDSA, Single Sign-On and, most recently, Advanced Authorization Services.  But specifications and technology are not enough - establishing trust and confidence requires fundamental changes to our existing legal systems and the enactment of new national legislation.

Existing technology can readily provide the following components to facilitate doing business electronically: encryption of messages and ensuring confidentiality of information, reliable message transport and acknowledgement of delivery, protocols for describing the nature of the transaction and arranging payment.  However, a signature is more difficult to translate into the electronic world.

In the traditional model, a signature fulfils four requirements:  Evidence, Ceremony, Approval, Efficiency and logistics.  Digital signatures could fulfil similar roles but, at present, there are several obstacles to overcome:

• Who will ensure that a digital signature is authentic?
• How far can a digital signature be trusted and who accepts liability?
• What are the criteria for managing digital signatures, particularly their distribution and revocation?
• Are the laws applying to digital signatures internationally accepted?

These key issues have been debated in many national and international fora and many organizations have produced guidelines and enacted legislation.  Amongst all this debate it is important to bear in mind that not only do the proposed solutions have to be legally certain but they should also be efficient to implement.  The Open Group meeting in Copenhagen will bring together key experts from both technical and legal sides to discuss the issues, highlight the problems, and propose solutions.

Those taking part will include delegates from:

The American Bar Association (Joseph Alhadeff - International expert, Michael Baum - ISC Chair, Janjaap Bos - Involvement in diverse European PKI standards efforts, Kevin Coleman - International audit path forward, Emily Frye - Key recovery and consumer issues, William Kenair - European-based; integration/recognition of notarial matters, Hoyt Kesterson - Technical expert; X.509 Chair, Charles Merrill - Co-rapporteur PEG, Mario Miccoli, Randy Sabett - Co-rapporteur PEG, J.F. Sauriol - PKI expert, and Robert Temple - Security expert; standards expert), CommerceNet, The ICX Consortium, and The European Commission - DG3 and DG13.

    
© 1995-2005     Sales Enquiries      Site Index