[2523] in cryptography@c2.net mail archive
Re: draft of my letter to Canada's Crypto Policy
daemon@ATHENA.MIT.EDU (Stanton McCandlish)
Thu Apr 16 16:11:41 1998
From: Stanton McCandlish <mech@eff.org>
To: efc-talk@efc.ca, cryptography@c2.net
Date: Wed, 15 Apr 1998 16:49:28 -0700 (PDT)
In-Reply-To: <3.0.5.16.19980415112529.2e2fac54@glyphmetrics.ca> from "M Taylor" at Apr 15, 98 11:25:29 am
Besides it being in need of spelling and grammar checks (this is not a
complaint, just an observation that the letter should be edited before
submitting it IC), I'm very skeptical of supporting "key management
infrastructures". Every proposal for one I have ever seen has been a
completely unnecessary bureacracy that simultaneously strips citizens of
the presumptive right to sign their own names (electronically) without a
government license or seal or approval, and sets up an infrastructure that
can easily be modified (e.g. by later legislation) into a key "escrow"
system.
If government wants to foster digital capabilities on the part of notaries
or some notary-like functionary that's fine. This would enable the
government to require, or private parties to a contract to agree to, the
use of certified, i.e. notarized, digital signatures to ascertain that a
particular digital signature does in fact pertain to a certain real-world
identity. For all other applications, the market reputation of a
self-certifying digital signature authority is not only sufficient, but
orders of magnitude more secure and accountable, than the present system
of manual signature that our entire legal and commercial systems rely on
every day and have relied on since writing, laws and contracts were
invented.
You don't need a government "infrastructure" (bureaucracy) for "key
management" to do this, and the dangers of having one are severe, not to
mention the costs and likely points of failure.
--
Stanton McCandlish mech@eff.org
Electronic Frontier Foundation Program Director
http://www.eff.org/~mech +1 415 436 9333 x105 (v), +1 415 436 9333 (f)
Are YOU an EFF member? http://www.eff.org/join
