Question on U.S. Postal Service and crypto
This is for a story for Time on the "new" U.S .Postal Service. I vaguely recall the USPS trying to set digital signature standards and/or serve as a CA. I'd like to mention this. Can't remember the details, though. Does anyone have 'em (or a pointer to them) handy? -Declan
At 02:07 PM 1/6/98 -0800, Declan McCullagh wrote:
This is for a story for Time on the "new" U.S .Postal Service. I vaguely recall the USPS trying to set digital signature standards and/or serve as a CA. I'd like to mention this.
Can't remember the details, though. Does anyone have 'em (or a pointer to them) handy?
A few months back I asked a USPS rep about this, and was told that the idea had been scrapped. I do not know that this was correct. The USPS was going to do timestamping as well as act as a CA as I recall. The timestamping is a action that "postmarks" the digitally signed message. Many attorneys feel this is a very good thing, though I have had a hard time justifying the need for this to some technically inclined people. Try "digital postmark" in yahoo. http://www.aegisstar.com/uspsepm.html http://xent.ics.uci.edu/FoRK-archive/fall96/0328.html An interesting feature of the digital postmark is that the USPS was making the claim that if you receive an email that the USPS send to you that was not meant for you, then you have committed a federal crime when you read it. Additional timestamping services are available perhaps from Pitney Bowes, Arthur Anderson, and http://www.itconsult.co.uk/stamper.htm. My memory on this fails me. -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
Robert A. Costner wrote:
A few months back I asked a USPS rep about this, and was told that the idea had been scrapped. I do not know that this was correct. The USPS was going to do timestamping as well as act as a CA as I recall. The timestamping is a action that "postmarks" the digitally signed message. Many attorneys feel this is a very good thing, though I have had a hard time justifying the need for this to some technically inclined people.
I have it on good authority that either the plan has been scrapped or that it has simply gone nowhere (same result).
An interesting feature of the digital postmark is that the USPS was making the claim that if you receive an email that the USPS send to you that was not meant for you, then you have committed a federal crime when you read it.
I'm not so sure about this, Robert. I've heard the rumor that it is a crime, but I have also heard that if something is delivered to your box, it is yours and you are not required to send it back unopened if it is not addressed to you. I tend to believe the latter, as it is the side of the story shared by USPS employees. It certainly is a federal crime, however, for the indended recipient to get into your mailbox to get a message which was incorrectly delivered to you, however! --David Miller
At 10:45 AM 1/8/98 -0800, David Miller wrote:
An interesting feature of the digital postmark is that the USPS was making the claim that if you receive an email that the USPS send to you that was not meant for you, then you have committed a federal crime when you read it.
I'm not so sure about this, Robert. I've heard the rumor that it is a crime, but I have also heard that if something is delivered to your box, it is yours and you are not required to send it back unopened if it is not addressed to you. I tend to believe the latter, as it is the side of the story shared by USPS employees.
I wasn't commenting on the legality, but on the fact that the USPS web page was making the claim that it was a crime. Apparently whoever wrote the legal disclaimer felt that email could be misdelivered in the same fashion in which postal mail could be misdelivered and was making this claim. I found the claim to be nutty and made me think they didn't know what they were doing. -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
Robert Costner <pooh@efga.org> writes:
[...] The timestamping is a action that "postmarks" the digitally signed message. Many attorneys feel this is a very good thing, though I have had a hard time justifying the need for this to some technically inclined people.
One use for time-stamping is to allow digital signatures to out-live the validity period of a given public private key pair. If the time-stamped signature shows that the document was signed during the life-time of the signing key pair this provides additional assurance that the signature is still valid despite the fact that the key is now marked as expired, or was say later compromised and revoked. Lots of other uses for time-stamping services also; I thought of a use for them in the eternity service in preventing race conditions. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
-----BEGIN PGP SIGNED MESSAGE----- In <199801081450.OAA00500@server.eternity.org>, on 01/08/98 at 02:50 PM, Adam Back <aba@dcs.ex.ac.uk> said:
Robert Costner <pooh@efga.org> writes:
[...] The timestamping is a action that "postmarks" the digitally signed message. Many attorneys feel this is a very good thing, though I have had a hard time justifying the need for this to some technically inclined people.
One use for time-stamping is to allow digital signatures to out-live the validity period of a given public private key pair. If the time-stamped signature shows that the document was signed during the life-time of the signing key pair this provides additional assurance that the signature is still valid despite the fact that the key is now marked as expired, or was say later compromised and revoked.
No it does not. The date that a Key becomes comprimised and the date that the owner of a Key knowns it is comprimised are two very different things and somthing that time-stamping can not solve. You also have at issue of what does one do with long term signatures if the undelying technology is broken. Say you sign a 30yr morgage electronically and 15yrs latter the algorithms that were used and now broken. Not to mention what does one do when the time-stamping key is comprimised. - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNLVZgY9Co1n+aLhhAQF5HAQAvGRMd3YWhcQiZyaYrK7EJ46JC53E92h9 IR6QuO3rew6wdwUNavg6TPRgpF8L9kXAKaH35IFePBvfsSKzoCMxsSpdcoo4RuMx ZMqa81jWaJmKBNjAhyD1qSwsgiQnXaAEcAV7mIa3AboUm8bfA1JbfwiA/SE7i/g2 uF08Pnh90Yw= =KT64 -----END PGP SIGNATURE-----
participants (5)
-
Adam Back -
David Miller -
Declan McCullagh -
Robert A. Costner -
William H. Geiger III