[7293] in cryptography@c2.net mail archive
Re: legal status of digital signatures
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Jun 10 03:29:22 2000
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, rsalz@caveosystems.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Sat, 10 Jun 2000 13:52:26 (NZST)
Message-ID: <96060194610950@kahu.cs.auckland.ac.nz>

Rich Salz <rsalz@caveosystems.com> writes:

>Here's an interesting hypothesis that also touches on Perry's followup.
>Digital signature "laws" are the result of PKI vendors trying to create a
>market.

Just as the Utah digital signature law was also called the "Attorneys Full
Employment Act of 1997" I guess this one could be called the "PKI Vendors
Liquidity Assurance Act of 2000".

>Does anyone really need non-repudiation? Cf the IETF PKIX WG blowing up as
>they try to cram semantics into one bit (1<<6 I think) and then give up.

Actually the PKIX position AFAIK is that nonrepudiation has undefined semantics
(some good suggestions I've seen include renaming the flag the crimeFree bit -
this cert won't be used for fraudulent purposes - or requiring that issuers set
it to true or false at random to weed out implementations which incorrectly
assign some sort of meaning to it).

Peter.