OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pki-tc] Standards for Web-signing II

I think it is fair to say that disappointments with traditional PKI have caused policy makers to look elsewhere. One example is the US courts. A national conference of state court judges recently endorsed a proposal of an ad hoc committee sponsored by the national center for state courts that obviates digital signatures for electronically filed pleadings, orders and judgments for court cases. Instead, the proposal would use a database to store unencrypted hashes of filed documents and an undefined method of authenticating lawyers and judges who filed the documents, creating a database association between a document and an authentication method. Though not described as such, the database association is legally sufficient to be considered an electronic signature under the US ESign law, which is technology neutral.

The judges are expected to propose this method to the American Bar Association at its mid-year meeting in February 2004. Some parts of the ABA have taken a different position on signatures. Attached is a paper written to the U.S. Bureau of Citizenship and Immigration Services about its proposed electronic filing system, including electronic signatures, from the Science and Technology Section of the ABA. It postulates three types of electronic signatures that can be considered, including PKI and the document hash method described above, along with a third that involves a digital signature server to sign for individuals and entities. The DSS TC of OASIS is currently developing XML standards for such an approach.

The paper warns of inadequate security methods and cites the recent case of two California court consultants who were convicted of altering criminal conviction records, which they were paid to "make disappear." 

A copy is attached.

If the document hash approach is adopted by the ABA, it is likely that many if not all state and federal courts will adopt such an approach, which could in turn influence judicial thinking and opinions on the adequacy of such an approach generally for e-commerce matters.

As the Chair of the Electronic Filing Committee of the ABA, I am helping to create a compendium of expert opinions of those who feel it is useful to speak out and be heard on the forthcoming vote for presentation to the ABA.

Please communicate your views via private email to me. Best regards to all.

John Messing
ABA voting representative to OASIS
Chair, Electronic Filing Committee, ABA
Chair, eNotary TC, LegalXML-OASIS

---------- Original Message ----------------------------------
From: "Anders Rundgren" <anders.rundgren@telia.com>
Date:  Tue, 28 Oct 2003 14:46:37 +0100

>The answer to my earlier request seems to be:
>
>There are apparently no standards and nothing in the works either
>with respect to signing on-line data on the web using Internet browsers.
>
>Since web-signing is today [*] used by many, many, more people
>and organizations than there are users of signed e-email, I remain puzzled.
>
>Is the PKI community really just a bunch of "nerds", mostly
>out of touch with the needs of the market?  The question is open.
>
>*] Like Scandinavian banks having > 0.5M of users.
>All current systems rely on entirely proprietary mechanisms.
>Most of the vendors even require NDAs for getting the documentation.
>
>Anders Rundgren
>
>
>----- Original Message -----
>From: "Anders Rundgren" <anders.rundgren@telia.com>
>To: <pki-tc@lists.oasis-open.org>; <ietf-pkix@imc.org>; <ietf-smime@imc.org>
>Sent: Tuesday, September 02, 2003 14:07
>Subject: [pki-tc] Standards for Web-signing
>
>
>Folks,
>I just wanted to know the status of possible standardization
>efforts regarding signing on-line forms etc. on web.  As web-signing
>is a core function of many e-governments when communicating
>with their citizens it seems that this should be standardized if
>not already is.
>
>Pointers are welcome.  Off-list or on-list.
>
>rgds
>Anders Rundgren
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php.
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php.
>
>

ABA Comments on BCIS signatures.pdf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]