[2533] in cryptography@c2.net mail archive
Re: draft of my letter to Canada's Crypto Policy
daemon@ATHENA.MIT.EDU (Marcus Leech)
Tue Apr 21 13:29:26 1998
Date: Fri, 17 Apr 1998 06:04:08 +0200
From: "Marcus Leech" <Marcus.Leech.mleech@nt.com>
To: Stanton McCandlish <mech@eff.org>
CC: cryptography@c2.net
Stanton McCandlish wrote:
> You don't need a government "infrastructure" (bureaucracy) for "key
> management" to do this, and the dangers of having one are severe, not to
> mention the costs and likely points of failure.
>
Having been involved, to some degree, in the Government of Canada (GOC)
PKI project, I'd like to clarify things a bit. The GOC PKI
is being set up to allow internal government functions to
use PKI technology, and to allow suppliers to the government
to use PKI-protected EDI and commerce technology. The GOC has
also proposed that commercial CAs MAY wish to cross-certify with
the government CA(s). NOTHING that I have seen mandates that
ordinary citizens be compelled to use the GOC PKI--except perhaps
in the distant future when crypto smartcards may replace existing
systems for social-insurance-number-required transactions with
the government.
My "sense" (at partially derived from my experience on the "inside")
is that the GOC is not interested in the same totalitarian measures
that the US government is proposing wrt crypto policy. That is not
to say that the GOC should not be given a healthy dose of libertarian
thinking in the matter of crypto policy--I believe that their call
for public input will give them this "healty dose".
