-----BEGIN PGP SIGNED MESSAGE----- At 01:26 PM 6/27/97 -0700, Eric Murray wrote:
And another question is should government be involved at all? My answer to that is no, not for the setting of CA policy. [CA is Certification Authority]
While I wholeheartedly and forcefully agree with Eric's sentiment, the business reality is that the gov't will be involved in setting CA policy. If for no other reason, simply because CA's will be used by the gov't. Even from a hands off, pro business viewpoint, few CA's will ignore the wishes of their largest customer, the gov't. The gov't will be involved in CA policy for several reasons. I'll lightly glance on some of them. * Beeps and chirps. Signatures on paper have legal meaning. This is why there is a push to use digital signatures - to give them legal meaning. While contract law can be somewhat applied to this concept, many would agree that official acknowledgement of digital signatures is a key element of using digital signatures in commerce. A recent case in Georgia's supreme court ruled that electronic messages were beeps and chirps, and had no legal status as a "writing". The law continually refers to signatures and writings. There must be a law, or interpretation of law to allow for this to be updated to electronic writings. Even if mutual consent could be used between corporations, as the state moves to the cost savings of electronic commerce the state will have to impose laws to enable itself to take advantage of these technologies. At 01:26 PM 6/27/97 -0700, Eric Murray wrote:
The biggest problem with CAs and the law is legal liability. The liability of being a CA is currently unknown until there is case law on the topic.
* Resolving legal liability. Some of the proposed laws for enabling digital signature technology do in fact solve the liability problem for CA's by legislating it out as long as the CA performs due diligence. To enforce due diligence, some laws also provide for government auditing of CA procedures and for injunctive relief to shut down a "rogue" Certification Authority. A copy of one such overly bureaucratic 22 page Certification Authority law can be found at http://www.efga.org/digsig/lawdraft.html This is the original draft of Georgia's Digital Signature law. This draft was thrown out and rewritten from scratch to form a much better law. (assuming any law can be good) -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQBVAwUBM7YF00GpGhRXg5NZAQGnEAH+JRioBgJi2UIK1SkBBtaACNHCsd6nYbyU Q5/57jni0VV1AejCK7tOCFN1KfPe43dKlnsplBrO+spBf7Lt9j90Mw== =pAgj -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key