[357] in cryptography@c2.net mail archive
Re: Digital Signatures without PKCS
daemon@ATHENA.MIT.EDU (Richard L. Field)
Sun Mar 16 16:31:35 1997
Date: Sun, 16 Mar 1997 06:25:54 -0500 (EST)
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
From: "Richard L. Field" <field@pipeline.com>
Cc: cryptography@c2.net
At 12:20 AM 3/15/97 -0500, P. J. Ponder wrote (in short):
>
>Should the legal definition of 'digital signature' [in the Florida act]
>be limited to methods based on public key cryptography? 
   Before you testify, please read the rest of the act.  When first
proposed, immediately after your quoted language the act went on to say:

(4) "Electronic signature" means any letters, characters, or symbols,
manifested by electronic or similar means, executed or adopted by a party
with an intent to authenticate a writing.  A writing is electronically
signed if an electronic signature is logically associated with such writing.

Section 5.  Notwithstanding any law to the contrary, an electronic signature
may be used to sign a writing and shall have the same force and effect as a
written signature.

   I would suggest that the basic current definition of "digital signature"
be retained, since it reflects the generally accepted understanding of the term.

   Richard Field

At 12:20 AM 3/15/97 -0500, P. J. Ponder wrote (in full):
>
>The State of Florida adopted legislation last year which includes the
>following definition:
>
>from section 282.72, Florida Statutes (1996):
>
>(3) "Digital signature" means a type of electronic signature that
>transforms a message using an asymmetric cryptosystem such that a person
>having the initial message and the signer's public key can accurately
>determine: 
>
>(a) Whether the transformation was created using the private key that
>corresponds to the signer's public key.
>
>(b) Whether the initial message has been altered since the transformation
>was made.
>
>A "key pair" is a private key and its corresponding public key in an
>asymmetric cryptosystem, under which the public key verifies a digital
>signature the private key creates. An "asymmetric cryptosystem" is an
>algorithm or series of algorithms which provide a secure key pair. 
>
>----- end of quoted material -----
>
>This definition excludes signatures and possibly other authentication
>technologies based on secret key methods.  Many such methods have been
>proposed, such as the efforts of Hugo Krawczyk, William Simpson, and
>our own moderator Perry Metzger.  I think from a technical or mathematical
>standpoint there is no reason to exclude shared key methods from a legal
>definition of 'digital signatures'.
>
>I may have an opportunity to testify in the next week or two before a
>Florida legislative committee on the subject of amendments to the 1996
>law, and I would like to raise the issue of expanding this definition to
>include secret or shared key methods.  I would like to bring with me
>copies of e-mail from knowledgeable folks.  If you feel like contributing,
>please e-mail me directly at: ponder@freenet.tlh.fl.us with your answer to
>the question:
>
>Should the legal definition of 'digital signature' be limited to methods
>based on public key cryptography? 
>
>Thank you.  If anyone is interested, I'll summarize the results later and
>post them, although I think the answer is fairly obvious.