Subject: RE: [dss] EU Directive versus ABA "digest signatures"
John,

I do not believe it appropriate for the DSS to give a definitive opinion on the legal acceptability and strength of this mechanism for court filing.

Firstly, the legal implications of using particular mechanisms for court filing I expect differ widely across different nations and, other than yourself John, I believe that this committee is from a technical background.

Secondly, the security that can be achieved with a database depends on many factors outside the scope of the protocol: such as the platform used, the security management, physical / procedural controls.

It is reasonable for the DSS to consider adding support for this mechanism as a profile of the DSS protocol, and in doing this there needs to be some discussion on its merits.

Thus, I am happy that we continue this discussion on the list but I suggest that the assessment of the approach for court filing is more appropriately done at the individual level than as a formal position by the DSS.

Nick

> -----Original Message-----
> From: jmessing [mailto:jmessing@law-on-line.com]
> Sent: 21 October 2003 15:23
> To: dss@lists.oasis-open.org; KarelWouters; Andreas Kuehne
> Subject: Re: [dss] EU Directive versus ABA "digest signatures"
>
> I appreciate Andreas' candor and the fact that he has spoken up on this important topic. However, as I tried to point out yesterday on the call, it is probably inaccurate to label this an ABA approach.
>
> The American Bar Association's Science and Technology Section recently laid out three possible approaches, without recommending any, for the benefit of the US Bureau of Citizenship and Immigration Services, including traditional PKI. Science and Technology is just one division, although perhaps an important part of the ABA, and it does not speak for the entire organization. The Electronic Filing Committee of the ABA which I chair authored the paper. A copy is attached to this message. It includes references to various links and documents which Steve Gray has just asked me to provide. It also mentions the use of a DSS delegated signing use case as an example of using encrypted hashes or digital signatures as one of the three types of approaches, mentions the work of the DSS TC, and explains the historical derivation of the alternative digest type of solution, which originated not with the ABA but with an ad hoc committee sponsored by the National Center for State Courts that made recommendations about electronic filing processes in a published report. The method of authenticating filers and digested filed documents is only a part of the report, which covers many other aspects of electronic filing, many of them highly useful.
>
> One point that should be kept in mind is that under the approach of the electronic processes committee, court orders and judgments having legal force will be filed and subjected to the same types of processes and documents filed by attorneys or litigants for presentation to the court, and thus will be signed identically.
>
> It would also be erroneous to assume that timestamping will inevitably become part of the digest type of signature solution that may be adopted by the US courts. It is not out of the question, but the use of timestamps has not yet been seen by the proponents of the digest type of solution as necessary or appropriate.
>
> The fact that the ABA has not yet taken a position is important, but it should also be noted that the electronic filing processes committee's recommendations have already been adopted by two influential membership associations of state court administrators, which has resulted in their incorporation in many requests for proposals from state courts to construct electronic court filing systems in the United States. A national conference of US Court judges recently adopted the electronic filing process committee's recommendations and incorporated them in draft rules which will likely be proposed to the ABA House of Delegates, a parliamentary type of body, in early February of 2004. If the ABA as a whole adopts the recommendations, then the federal courts in the US may follow suit. If the US courts use the digest type of signature solution in preference to encrypted hashes or PKI in the internal electronic filing processes, then the digest type of solution may come to be perceived as perfectly suitable for other types of e-commerce by the courts, which could affect judicial thinking in decisions handed down in the United States.
>
> The issue to my way of thinking is primarily one of security. Unencrypted hashes and audit records of authentication in a database require heightened database security to prevent alteration of the records, while encrypted hashes or digital signatures can take up a part of the security burden by virtue of protections provided to the private key.
>
> Already in California, in a case not involving digests or electronic signatures but of database access privileges, there has been a documented case of alteration of database records of a court to make criminal convictions "disappear". The guilty parties were ultimately convicted and sentenced. The references can be found in the attached ABA paper.
>
> As the Chair of the Electronic Filing Committee of the ABA, I feel an important service to the ABA and the American judiciary could be a compilation of opinions and reasons for the opinions of those possessing expertise on these issues, and the presentation of the compilation to those who will deliberate to vote upon the issue. I have encouraged the DSS TC itself to take a position by either adopting or rejecting digested electronic signatures as part of the scope and requirements of the TC, and for members to write to me by private email as individuals or representatives of organizations and companies, with a statement of background and credentials, in order to weigh in on this important issue before the February vote takes place.
>
> As a final note, one member of the electronic filing processes committee that came up with the digest type of solution has privately observed to me that there was no expert on cryptography or digital signatures who took part in the work of the committee, and as a result the cryptographic issues may have been imperfectly understood in its deliberations. That does not mean that ultimately the recommendations were wrong, but simply that the committee may have stumbled upon a good solution anyway.
>
> I emphasize that the opinions of each of you who have knowledge, expertise, training and experience on issues of security and cryptography could matter to those who will be voting on the proposals to the ABA in February, and I encourage each of you to communicate your views along with a statement of your background and experience so that the importance of your voice can be properly understood by all.
>
> Thank you and best regards to all.
>
> John Messing
>
> ABA voting representative to OASIS
> Chair, Electronic Filing Committee, ST, ABA
> Chair, eNotary TC, LegalXML-OASIS
>
> ---------- Original Message ----------------------------------
> From: "Andreas Kuehne" <kuehne@klup.de>
> Date: Tue, 21 Oct 2003 15:02:22 +0200
>
> > Hi Karel!
> >
> >> ... which also means that my name under this email is a proper electronic
> >> signature.
> > Yes, if your name is a valid hash of your message and I can find it in a special database under a proper key ... that would convince me!
> >
> >> Advanced Electronic Signatures and Qualified Signatures are what DSS is targeting, I guess ?
> > Of course they are in the focus, but a signing service should not be limited to it.
> >
> > Despite having no experience with "digest signatures" it seems to be an interesting solution. As a tradeoff for the need of online access you need just ONE crypto algorithm (the hash) that weakens over time .. Timestamping is included .. Archiving is in the concept right from the start ...
> >
> >> So to include "digest signatures", you'll need some other motivation too.
> > I would need some other motivation to exclude "digest signatures"!
> >
> > To design a good service interface that can stand the test of time is always a difficult task. I don't think it's a good approach to narrow its operational area just because one technique today is more common than another.
> >
> > Greetings
> >
> > Andreas
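
The security trade-off raised in John Messing's message (an unencrypted hash kept in a database versus a hash protected by a private key), as an added example that is not part of the original thread. An HMAC whose key is held outside the database stands in for the digital signature, because the Python standard library has no asymmetric signing; the record layout, key and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key; assumed to live outside the database (e.g. in an HSM).
SIGNING_KEY = b"constructed-demo-key-held-outside-the-database"


def file_document(db, doc_id, content):
    """Store a filing with a bare digest and a keyed tag over the same bytes."""
    db[doc_id] = {
        "content": content,
        "digest": hashlib.sha256(content).hexdigest(),
        "tag": hmac.new(SIGNING_KEY, content, hashlib.sha256).hexdigest(),
    }


def verify_digest(db, doc_id):
    """Digest-only check: uses nothing but what is already in the database."""
    rec = db[doc_id]
    actual = hashlib.sha256(rec["content"]).hexdigest()
    return hmac.compare_digest(actual, rec["digest"])


def verify_tag(db, doc_id, key):
    """Keyed check: depends on a secret that was never stored in the database."""
    rec = db[doc_id]
    expected = hmac.new(key, rec["content"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, rec["tag"])


def simulate_db_only_change(db, doc_id, new_content):
    """Model a party with write access to the table but not to the key.

    The public hash can be recomputed by anyone; the keyed tag cannot,
    so the old tag is all that can be left in place.
    """
    rec = db[doc_id]
    rec["content"] = new_content
    rec["digest"] = hashlib.sha256(new_content).hexdigest()


def demo():
    db = {}  # constructed in-memory stand-in for the court's filing table
    file_document(db, "case-001", b"Judgment: conviction entered.")
    before = (verify_digest(db, "case-001"), verify_tag(db, "case-001", SIGNING_KEY))
    simulate_db_only_change(db, "case-001", b"Judgment: no record.")
    after = (verify_digest(db, "case-001"), verify_tag(db, "case-001", SIGNING_KEY))
    return before, after


if __name__ == "__main__":
    print(demo())
```

After the change the digest-only check still passes while the keyed check fails, which is why the digest approach leaves the whole integrity burden on database access control and audit records.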