PKAF

Robin Whittle firstpr@ozemail.com.au
Fri, 1 Nov 1996 10:12:47 +0000


I look forward to reading this final version of the Public Key 
Authentication Framework standard.

I was impressed with the work this Standards Australia committee had 
done in its draft a few months ago.  The crypto section of my WWW site 
has some tutorial material on digital signatures and PKAF, and my 
public comments on the draft standard.

I heard on the grapevine that the committee had accepted a number of
things that I (and no doubt others) had been saying.  These include:

1 - The absolute need for the PKAF to never handle private keys (public
    keys and their registration and signed certificates to this effect
    only).  Therefore the need for users to generate their own keys.
    My comments explore in detail how this can be achieved.

2 - For it to have nothing to do with other crypto functions such 
    as the highly sus "Key Escrow" or "Trusted Third Party" stuff, 
    or for providing backups of private keys for any purpose. 
    (I can see no valid reason for keeping backups of signature 
    keys - and backup of encryption keys for data storage can be 
    done fine with locked boxes in safe-deposits.  In the long 
    term there is no need for fixed encryption keys for 
    communications - as PGP has today.  Communicating with a direct
    two-way session, rather than batch mode email, each end simply
    generates a fresh key pair for each session.)

3 - For measures to ensure that the PKAF on-line provision of
    Public Key Certificates cannot be milked systematically to reveal 
    the existence of, and addresses etc. of, people - unless you 
    already know who to ask for. 

From what I know, this work by Standards Australia is well in advance 
of other systems in looking at the broader administrative and privacy 
issues.  However there is a *lot* of digital signature work going on 
- and it is one of those many where I am generally interested but 
don't have time to follow every development.

- Robin


. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .