[349] in cryptography@c2.net mail archive
Digital Signatures without PKCS
daemon@ATHENA.MIT.EDU (P. J. Ponder)
Sat Mar 15 16:07:51 1997
Date: Sat, 15 Mar 1997 00:20:57 -0500 (EST)
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
To: cryptography@c2.net
The State of Florida adopted legislation last year which includes the
following definition:
from section 282.72, Florida Statutes (1996):
(3) "Digital signature" means a type of electronic signature that
transforms a message using an asymmetric cryptosystem such that a person
having the initial message and the signer's public key can accurately
determine:
(a) Whether the transformation was created using the private key that
corresponds to the signer's public key.
(b) Whether the initial message has been altered since the transformation
was made.
A "key pair" is a private key and its corresponding public key in an
asymmetric cryptosystem, under which the public key verifies a digital
signature the private key creates. An "asymmetric cryptosystem" is an
algorithm or series of algorithms which provide a secure key pair.
----- end of quoted material -----
This definition excludes signatures and possibly other authentication
technologies based on secret key methods. Many such methods have been
proposed, such as the efforts of Hugo Krawczyk, William Simpson, and
our own moderator Perry Metzger. I think from a technical or mathematical
standpoint there is no reason to exclude shared key methods from a legal
definition of 'digital signatures'.
I may have an opportunity to testify in the next week or two before a
Florida legislative committee on the subject of amendments to the 1996
law, and I would like to raise the issue of expanding this definition to
include secret or shared key methods. I would like to bring with me
copies of e-mail from knowledgeable folks. If you feel like contributing,
please e-mail me directly at: ponder@freenet.tlh.fl.us with your answer to
the question:
Should the legal definition of 'digital signature' be limited to methods
based on public key cryptography?
Thank you. If anyone is interested, I'll summarize the results later and
post them, although I think the answer is fairly obvious.
