[15158] in cryptography@c2.net mail archive
Civil law Non Repudiation in Panama (was Re: Non-repudiation)
daemon@ATHENA.MIT.EDU (Pelle Braendgaard)
Mon Jan 5 12:02:35 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Pelle Braendgaard <pelle@veraxpay.com>
To: Cryptography <cryptography@metzdowd.com>
Date: Mon, 5 Jan 2004 10:25:45 -0500
In-Reply-To: <3FF338AA.9000102@algroup.co.uk>
Cc: Sandy Sandfort <sandy@veraxpay.com>
I've been interested in this discussion and have been doing some research i=
nto=20
the legal status here in Panama.
In 2001 the assembly voted into effect Law 43 more commonly known as the=20
electronic commerce law.
http://neuclear.org/ley43.pdf (in Spanish)
It is supposedly based on UNCITRAL of which I admitedly know very little. S=
o I=20
was rereading the law after having read Ben and Nicholas' excellent overvie=
w:
http://www.apache-ssl.org/tech-legal.pdf
In a civil law country like Panama things work a bit differently to the to =
me=20
preferred Common law way of doing it. IANAL and my Spanish aint perfect=20
either, but here is my analyis of Non Repudiation of Digitally Signed=20
Messages in Panama.
The real meat of the matter is handled in Article 31 (Page 10). "Guarantees=
=20
derived from the acceptance of a Certificate":
"The subscriber, at the time of accepting a certificate, guarantees all th=
e =09
people of good faith to be free of fault, and his information contained=20
within is correct, and that:=20
1. The authenticated electronic company/signature verified by means of thi=
s=20
certificate, was created under his exclusive control.
2. No person has had access to the procedure of generation of the electron=
ic=20
signature.
3. The information contained in the certificate is true and corresponds to=
=20
the provided one by this one to the certification organization."
This is backed up by article 33 (Page 11). "Causes for Revocation of=20
Certificates":
=09
"The subscriber of a verified digital signature is obliged to seek revokat=
ion
of the certificate under the following circumstances:
1. Loss of information to validate the Certificate=20
2. If the privacy of the certificate has been exposed or there is danger o=
f=20
illicit use of the certificate.
3. If the subscriber doesnt solicit revocation in any of the proceeding ca=
ses
he will be held responsible for any losses or damages incurred by 3rd part=
ies
of good faith, who confide in the contents of the certificate.=A8
Now bearing in mind the slight misunderstandings of technical terms in the=
=20
law. I see this as saying that once someone accepts a certificate from a CA=
,=20
he is legally responsible in Panama for all information signed by his priva=
te=20
key. Even under the loss of control of the private key, unless the person=20
specifically revokes his key.
I will forward this to a couple of Panamanian lawyers as well to see if the=
y=20
would like to comment as well.
Pelle
=2D-=20
http://talk.org + Live and direct from Panama
http://neuclear.org + Clear it both ways with NeuClear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
