Fri, 1 Nov 1996 10:12:47 +0000
I look forward to reading this final version of the Public Key
Authentication Framework standard.
I was impressed with the work this Standards Australia committee had
done in its draft a few months ago. The crypto secion of my WWW site
has some tutorial material on digital signatures and PKAF, and my
public comments on the draft standard.
I heard on the grapevine that the committee had accepted a number of
things that I (and no-doubt others) had been saying. These include:
1 - The absolute need for the PKAF to never handle private keys (public
keys and their registration and signed certificates to this effect
only). Therefore the need for users to generate their own keys.
My comments explore in detail how this can be achieved.
2- For it to have nothing to do with other cryto functions such
as the highly sus "Key Escrow" or "Trusted Third Party" stuff,
or for providing backups of private keys for any purpose.
(I can see no valid reason for keeping backups of signature
keys - and backup of encryption keys for data storage can be
done fine with locked boxes in safe-deposits. In the long
term there is no need for fixed encryption keys for
communications - as PGP has today. Communicating with a direct
two-way session, rather than batch mode email, each end simply
generates a fresh key pair for each session.)
3 For measures to ensure that the PKAF on-line provision of
Public Key Certificates cannot be milked systematically reveal
the existence of, and addresses etc. of, people - unless you
already know who to ask for.
>From what I know, this work by Standards Australia is well in advance
of other systems in looking at the broader administrative and privacy
issues. However there is a *lot* of digital signature work going on
- and it is one of those many where I am genererally interested but
don't have time to follow every development.
. Robin Whittle .
. http://www.ozemail.com.au/~firstpr email@example.com .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia .
. Ph +61-3-9459-2889 Fax +61-3-9458-1736 .
. Consumer advocacy in telecommunications, especially privacy .
. First Principles - Research and expression - music, .
. music industry, telecommunications .
. human factors in technology adoption.
. Real World Interfaces - Hardware and software, especially .
. for music .