pem-dev

PCA policies re legally binding signatures

1993-08-10 10:50:00
Steve, Vint, and Steve,

You guys are both very busy, and may have missed my point.
I grant that it may have become rather diffused through
all of the various threads. Let me try one more time.

I am NOT trying to take the position that ALL users of PEM
MUST be legally bound by their signatures, nor am I trying to
say that PEM users should not be ABLE to be legally
bound by their signatures if they choose to be. As users,
we may need to be able to do either, or both, at different times.

What I AM trying to do is to determine which case applies 
when, and under which PCA! I thought that that was 
the entire reason for having a PCA -- to establish a Policy
by which users certified under that PCA would know and 
understand both their rights and responsibilities (i.e., 
potential liabilities). I still think it should be.

In particular, I am concerned that the risk of having a private
key stolen is nontrivial, especially in the case of software-only
user (and CA) implementations. In this case, I want to be
able to protect myself (and my users) from someone who
forges their signature using a compromised key.  

The issue really revolves around balancing the good that 
digital signatures can bring to society through such
applications as EDI, without burdening the user with the
risk that he might be held liable for an agreement 
that he really didn't sign when such a burden is not
appropriate for his uses.

I am therefore suggesting that the TIS-PCA is an entirely
appropriate vehicle to be used by those users who wish
to conduct their social, academic, and business affairs in 
private (if they so choose, using the available encryption option), 
or who merely wish to have protection against messages being
mangled and/or misattributed to them or someone else.

Because the TIS-PCA does not require the use of hardware
protection for the CA's keys, much less for the user's, a digital 
signature certified under that PCA would PRESUMABLY not 
carry very much legal weight, as it should be obvious that the 
possibility of theft of the user's key can not be ignored. 
However, I don't think it would be prudent of me or anyone else 
to risk any of their assets under such an untested assumption,
at least without having such limitations clearly spelled out for
others to read and heed.

Unfortunately, the X.509 certificate does not provide a 
convenient place for me to state such conditions, and if my 
certificate is stolen and used to forge my signature, the forger 
probably won't be so kind as to proclaim those limitations on his 
own.

Therefore, although the use of such a digital signature for 
binding legal purposes will not, could not, and probably 
should not be prohibited under this PCA, it SHOULD be actively
discouraged as imprudent, inappropriate, and unintended, 
and potential recipients of such documents should be put 
on public notice of that fact. If they choose to ignore this 
notice, the burden of proof should be on their heads.

That does NOT mean that PEM can not or should not be used
for binding legal purposes. Instead, it means that digital 
signatures CERTIFIED UNDER THIS PCA, specifically the
TIS-PCA, are not intended for such uses. 

(By the way, I am making the assumption that I have correctly 
understood the (presumably sizable) market niche that
the TIS-PCA is intended to address, but any other PCA with 
a similar policy would do as well. And there is certainly nothing to 
stop TIS from sponsoring another PCA whose intent IS
to support the use of digital signatures for binding legal 
purposes, perhaps even for such bleeding-edge uses as 
digitally signing and notarizing documents by a Notary Public.)

On the other hand, the RSA Commercial Hierarchy
presumably IS intended for use by organizations and
individuals for purposes of trade and electronic commerce,
and in this case the legal presumption would cut the other
way. 

In this case it would be reasonable to assume that through 
the choice of that particular PCA the user DID intend 
for his signature to carry legal weight, and in that case
the issue is how to convey that intent with legal specificity 
and still protect the user against possible abuses.

Although the users and the CAs certified under this PCA will
presumably make use of higher security implementations
to protect their private keys (this is just my assumption --
nothing has yet been specified or agreed to by RSA
or the various users along these lines), the fact that this
hierarchy is presumably intended for higher value transactions
also raises the level of risk. This makes it all the more
important that the users be able to put the world on notice
as to exactly what level of legal obligation they are willing to
undertake through the use of their digital signature, and
what caveats, exclusions, and limitations are necessary
for their own protection, the protection of their organization,
and the protection of their CA and perhaps their PCA.

I believe that an affidavit that declares to the world that
the user is who he claims to be, and that he intends to be 
bound by his digital signature as though it were his written
signature, but only under a fixed set of conditions, is a legally
binding and efficient way of handling this problem for those
users who choose to do so. I am therefore suggesting that
users who have a need for such a service sign a notarized
Affidavit of Legal Mark that would be held by their CA for an 
extended period of time (perhaps 25 years?), and that an 
electronic copy of that Affidavit be signed by the user and two 
impartial witnesses and made available to the entire world, 
perhaps by FTP to the CA, or ultimately as an entry within an 
X.500 directory.

(The reason for filing the paper copy of the notarized affidavit with
the CA for such a long time is that the state of the law in several
states is such that it is not yet clear whether a Notary can legally 
sign and notarize something using a digital signature, and in this 
particular case enabling legislation may be needed. However, by 
reliably and widely advertising the availability of the notarized 
Affidavit by means of a digitally signed and witnessed electronic 
copy, we have achieved almost the same effect as an electronic 
notarization.)

Assuming that a sufficiently large user community adopts such
a position and they all publish their Affidavits as a condition of
being certified under the Policy promulgated by that PCA,
everyone in the world who cares to check that PCA's policy
will be on notice to retrieve and carefully read that user's Affidavit
before blindly assuming that the digital signature carries legal weight.
This also would satisfy my intent to shield users from UNINTENDED
liability.

It seems to me that it will be absolutely necessary for the PEM
community to let these two different approaches survive and 
flourish if PEM is to reach its full potential. I see nothing in
this position that is at all contrary to the intent of PEM or the RFCs,
and think it can be handled as I thought it was supposed to be
all along, by publishing the appropriate PCA policies and letting
the users choose which PCA to be certified under.

By the way, I understand that a CA is prohibited from being
certified by more than one PCA. I'm not sure that I understand the 
reason why, as it should be obvious from the CA's Issuer name
who the PCA is.

In any case, I see no reason why a given ORGANIZATION could not
operate two different CAs under two different names, and have each
CA certified by two different PCAs under two different policies. If
the two different CAs have different names, then the user's Distinguished
Name will also be different (under the name subordination rules),
so there should not be any confusion as to which PCA policy was
intended to apply to a given digital signature.

Are we getting any closer to a common position?
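The two-CA arrangement described in this message, worked through as an added example (this is not code from the pem-dev post, nor from PEM, TIS or RSA): a relying party resolves which PCA's policy governs a signature from the chain alone, using the two properties the post relies on, namely that the CA certificate's issuer name identifies the PCA and that RFC 1422 name subordination makes the user's DN extend the CA's DN. The PCA names and the policy table are hypothetical and only mirror the post's argument.

```python
# Added example, not from the pem-dev post: resolve the governing PCA policy for a
# PEM signature from the user certificate and its CA certificate. The PCA names
# and policy texts below are hypothetical, constructed from the post's argument.
from dataclasses import dataclass


def parse_dn(dn: str) -> tuple:
    """'C=US, O=Acme, CN=Alice' -> (('C','US'), ('O','Acme'), ('CN','Alice'))."""
    return tuple(tuple(p.strip() for p in rdn.split("=", 1)) for rdn in dn.split(","))


def is_subordinate(subject: str, issuer: str) -> bool:
    """Name subordination: the subject DN must begin with the issuer's complete DN."""
    s, i = parse_dn(subject), parse_dn(issuer)
    return len(s) > len(i) and s[: len(i)] == i


@dataclass(frozen=True)
class Cert:
    subject: str  # Distinguished Name of the certified entity
    issuer: str   # Distinguished Name of the certifying authority


# Hypothetical PCA policies mirroring the post: one PCA discourages legally binding
# use, the other presumes intent to be bound but sends reliers to the signer's Affidavit.
PCA_POLICY = {
    "O=TIS-PCA (hypothetical)": "signatures not intended for legally binding use",
    "O=RSA Commercial PCA (hypothetical)": "legal weight intended; read signer's Affidavit first",
}


def governing_policy(user: Cert, ca: Cert) -> str:
    """Return the policy text of the PCA under which `user`'s CA is certified.

    Raises ValueError if the user cert was not issued by `ca`, if the user's DN
    is not subordinate to the CA's DN, or if the CA's issuer is not a known PCA.
    """
    if user.issuer != ca.subject:
        raise ValueError(f"user cert issuer {user.issuer!r} is not CA {ca.subject!r}")
    # Subordination is required of CA-issued certificates, so the user's DN must
    # carry the CA's name; two CAs of one organization thus yield distinct user DNs.
    if not is_subordinate(user.subject, ca.subject):
        raise ValueError(f"{user.subject!r} is not subordinate to {ca.subject!r}")
    # The CA certificate's issuer name is the PCA; its published policy applies.
    try:
        return PCA_POLICY[ca.issuer]
    except KeyError:
        raise ValueError(f"no published policy for PCA {ca.issuer!r}") from None
```

With a second CA of the same organization certified under the other PCA, the same person's two user DNs differ, and the lookup returns the other policy without ambiguity.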
