
--- begin forwarded text

X-Sender: rhornbec@counselpop.com
Mime-Version: 1.0
Date: Thu, 25 Sep 1997 05:59:31 -0500
Reply-To: Digital Signature discussion <DIGSIG@VM.TEMPLE.EDU>
Sender: Digital Signature discussion <DIGSIG@VM.TEMPLE.EDU>
From: Rick Hornbeck <rhornbec@COUNSEL.COM>
Subject: American Banker - National ID - addendum
To: DIGSIG@VM.TEMPLE.EDU

Either the Temple listserve is automatically limiting the length of my posts (<gr>) or I discovered a new e-mail bug. Here is the balance of the excerpt from the American Banker article I intended to post earlier.

====================

What actions should a certificate authority be required to take in this imperfect system to certify that X's public key actually is being used by X?

To allow the electronic marketplace to operate effectively and efficiently, at a minimum certificate authorities must be able to achieve some level of certainty that if they have prudently conducted the due diligence required, they cannot be held responsible for fraud or malfunctions.

National Identification Verification Standards -- NIVS -- would underscore that there should be only a limited range of actions for which a certificate authority should be held responsible in an electronic transaction.

These standards eventually would need to be truly universal because of the globality and borderlessness of cyberspace. Moreover, such standards could level the playing field vis-a-vis the different levels of trust that might otherwise be accorded certificate authorities of various sizes, financial capacity, name recognition, and national origin.

What should the elements of these national verification standards be? The more that the system relies on primary "root" documentation (paper or electronic) certified by the originator, the greater the certainty, albeit imperfect, that the certificate authority can achieve.

The adoption of an integrated certification data base accessible to all certificate authorities must also be explored. A network that will allow each certificate authority to cross-reference digital certificates and confirm the issuance of multiple certificates to the subscriber will allow the digital signature market to function more efficiently and safely.

From a legal point of view, a digital certificate is a form of warranty. Warranties ascribe and allocate rights in a transaction, a business that commercial banks happen to understand quite well. But a digital certificate is not meant and should not be viewed as unlimited insurance for the use of the certificate or the successful completion of an electronic transaction facilitated by that certificate.

In that regard, the adoption of these standards might facilitate the development of a national market for certificate authority errors-and-omissions insurance. It might also facilitate the creation and operation of what one observer has called "cybernotaries."

Without uniformity in the authentication process, the efficiencies of certificates and the effectiveness of electronic commerce will be undercut.

Richard N. Hornbeck
Electronic Commerce Services

"The most important step in arriving at the right answer, is asking the right question."
Albert Einstein ("Al").

--- end forwarded text

-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/