Scope And Assumptions.
Back to Table of Contents
The issues implicated by PKI are extensive and complex. We have
not attempted to address all of these issues in this Report, although
many of them warrant additional analysis. The following list
represents some of the major assumptions that we have made:
(a) We have not attempted to compare the desirability of
centralized trust systems for PKI with other models for authenticating
trading partners or improving the security of the Internet. Among
these competing approaches to authentication are challenge-response
identification; the "web-of-trust" model (found most
prominently among users of Pretty Good Privacy); passcards and
other hardware devices; biometric systems such as those developed
by PenOp and Mytec Technologies; and Electronic Data Interchange
over a value added network. There are strengths and weaknesses
to each of these competing approaches that are currently being
debated elsewhere. Conceivably some of these alternative models
for authentication may be partially incorporated into a trusted
third party (CA-oriented) PKI.
(b) Throughout this Report, we have focused only on consumer
transactions utilizing the services of commercial CAs. There
is no intent to suggest that consumer transactions are the most
important or even best application for digital signatures or that
commercial CAs should preclude government CAs. However, in this
pilot project, we have not attempted to address all possible scenarios.
(c) We note that digital signatures and certificates are
currently being deployed in a number of other interesting applications.
For example, a number of vendors are using digital signatures
and CA schemes as an access control device -- either as a device
for metering access to intellectual property available on the
Internet, or in the "Intranet" context, where certificates
are used to regulate which employees are entitled to access proprietary
resources. Another increasingly common use is authentication
of the source and functionality of software distributed over the
Internet. The issues involved in this context could be materially
different than those found in the consumer commercial context,
and we have not attempted to address them here.
(d) Similarly, we note that some legislatures are authorizing
the limited use of digital signatures for specified government
purposes, such as the filing of court documents, tax returns or
architectural design plans or for signing medical records. We
do not attempt to address the issues regarding the use of digital
signatures for these specified, limited purposes.
(e) Throughout this Report we address certificates designed
to confirm identity. In fact, certificates are capable of providing
information about consumer attributes beyond simply that consumer's
"identity" -- perhaps even on an anonymous basis. For
example, a certificate could certify that a person was over 21
and therefore permitted to access materials restricted to people
over that age without disclosing the person's name. Although
certificates are likely to find substantial uses in these ways,
we have not attempted to address these issues.
(f) We have assumed that cryptographic devices sufficient
to generate difficult-to-determine key pairs will be widely available
across international borders. Currently the distribution of these
devices is controlled by a number of governments, and such regulation
is the subject of substantial debate. Further, we do not address
any issues related to the escrowing of keys.
(g) Generally, we have assumed that consumers (and not
other parties) will make the substantive decision about which
CAs they will establish relationships with. However, it is possible
that merchants or the payment systems (such as the credit card
associations) will drive this decision by dictating which CAs'
certificates they will accept, effectively forcing consumers to
procure certificates from these CAs. Because it fundamentally
alters the freedom of contract principles we have tried to support
in this Report, lack of consumer choice over what CA is used raises
a host of new consumer protection and other issues that we have
not attempted to address here.
(h) We have assumed that CAs, if given the opportunity,
would enter into contracts with merchants rather than rely on
the default non-contract rules (i.e., tort principles under common
law or statutory rules). We make this assumption because of the
incentives CAs will have to disclaim warranties to merchants,
to exclude consequential and other party-specific damages, and
to impose dollar caps on liabilities. It is possible that CAs
would not want to enter into contracts with merchants if these
objectives cannot be met (for example, if the waivers or exclusions
are unconscionable or fail of their essential purpose). However,
we believe that CAs hope and expect that their relationships with
merchants will be governed by contract or possibly by statute.
(i) We do not deal with issues related to agency law and
actual or apparent authority. Certificates could at some point
indicate a party's authority to act (see paragraph (e) above),
but we do not address that here.
(j) Ensuring the long-term validity of a contract signed
with a digital signature may require the services of a third party
commonly referred to as a timestamper, who can specify when the
message containing the digital signature was sent. We have not
attempted to address issues related to timestamping.
(k) "Caching" occurs when remote information
is duplicated and stored locally. It is likely that information
being transmitted through the PKI will be cached both at the client
level and at the proxy server level (internally in an organization
or at their service provider's servers). This issue is mostly
likely to be seen in the case of Certificate Revocation Lists,
which merchants may cache (much like merchants used to keep hard
copy printouts of revoked credit cards next to cash registers
for real-time verification by cashiers). Caching creates the
possibility that parties are knowingly or unknowingly relying
on outdated information, and will also potentially implicate difficult
issues under copyright law or other intellectual property rules
applicable to databases. We have not attempted to address these
issues, although there may be technological methods that minimize
(l) CAs will acquire significant private information about
its consumers. Not only will consumers directly submit personal
information to the CA, but the consumer's conduct will leave a
"digital trail" of information that, analyzed properly,
would give insights into the consumer's affairs. We do not address
the laws (or desirability of laws) relating to keeping this information
confidential. We note, however, that the CA's disclosure of consumer
information may be governed by the E.U.'s Directive on Data Privacy
Protection (95/46/EC), among other rules.
(m) We have not addressed the bandwidth, computer and other
costs associated with the use of digital signatures. We assume
that senders and recipients of digital signatures, certificates
or other electronic messages do not bear any marginal costs attributable
to sending or receiving these files. In practice, per-byte or
per-message pricing could become standard, making the marginal
costs of using or verifying digital signatures greater than zero.
In addition, the computational power required to generate and
process digital signatures is significant and will continue to
increase as the length of public and private keys increases.
Significant marginal costs attributable to computer processing
or bandwidth are likely to alter the way that senders and recipients
perceive and use digital signatures in ways we have not attempted
(n) We do not address evidentiary issues associated with
digital signatures, such as the admissibility of digitally-signed
documents, the appropriate evidentiary weight to be accorded such
documents, and legal presumptions arising from the use of digital
signatures. These issues can include whether a document signed
with a digital signature satisfies the "writing" requirement
under applicable statutes of frauds, whether an electronic record
signed with a digital signature satisfies the best evidence rule,
and so on. Though seemingly procedural, these issues can raise
important public policy concerns. For example, some enacted U.S.
state legislation creates a presumption that, under certain circumstances,
the person who owns a particular key pair used to sign a document
is the person who did in fact sign the document. Holding an individual
presumptively bound by obligations entered into under their digital
signature could be inequitable if the individual is the victim
of the fraudulent use of such a signature.
These issues could also be significant in non-US jurisdictions
that have extensive statute of frauds. For example, Germany has
a set of legal rules ("Schriftform") similar to the
statute of frauds in other jurisdictions. There are thousands
of German statutory law provisions that require certain declarations
to be given in written form; in such cases, "written form"
is defined by statute to mean a written signature made by pen
on paper. Important examples of such provisions in German law
are consent to the use of personal data under the Data Protection
Law, covenants and transfers with respect to real estate, and
the transfer of shares in a limited liability company. Presumably
digitally-signed documents will not qualify as being in written
form under these laws.
(o) Generally, this Report does not address "cooling
off" laws designed to give consumers the opportunity to reject
transactions for some period of time following the execution of
(p) There are multiple conventions for the technical specifications
of certificates. This Report only addresses Standard X.509 of
the International Telecommunications Union, although the analysis
may apply to other certificate conventions.
(q) Some visions of a PKI require that each participant
obtain, register and use a unique "distinguished name."
These naming conventions may implicate privacy concerns, agency
law and even trademark law. We do not address issues related
to naming in this Report.
(r) In order to analyze the CA's digital signature attached
to a certificate, the party receiving the certificate must obtain
the CA's public key. Just as there are issues regarding whether
a consumer's public key belongs to the person who claims it, there
could be issues about whether the CA's public key belongs to the
CA who claims it. To resolve this, some visions of the PKI assume
that a CA will have the CA's certificates signed by another CA
whom the public can trust that its public key belongs to this
CA. This Report assumes that, if a chain of certificates is developed
to allow CAs to include certificates regarding the CA's signature,
the "root certificate" -- that is, the certificate of
the public key of the CA at the top of this chain -- can be trusted,
whether it is issued by a government or private entity.
(s) We do not address the duties, if any, of higher-level
CAs for the duties of CAs whose public keys are certified by the
(t) The mechanisms by which certificates are delivered
to potential relying parties can vary. This Report assumes that
a consumer who is identified in a certificate will present that
certificate directly to the merchant who intends to rely upon
it. The Report does not analyze the situation where certificates
are stored in a database or directory maintained by a certification
authority or other third party and accessed by merchants on an
Previous | Next
Back to Table of Contents
About ILPF | To Join ILPF | Working Groups & Publications
Member Resources | Events | Home