[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SV: Online Certificate Revocation Protocol

To: "'Denis Pinkas'" <Denis.Pinkas@xxxxxxxx>, Bob Jueneman <bjueneman@xxxxxxxxxx>
Subject: RE: SV: Online Certificate Revocation Protocol
From: "Scherling, Mark" <mscherling@xxxxxxxxxxxxxxx>
Date: Thu, 14 Jun 2001 08:54:45 -0700
Cc: ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

What about mortgages?  How about property deeds?  How about long term bonds?
There is an increasing chance that these may be electronic and in the future
not a scanned copy.  I think that being able to validate a digital signature
in the future will become very important.  There are a lot of problems with
recovery of electronic information as we have witnessed in the information
management area.  Issues like technology obsolescence, recovery mechanisms,
audit and controls will become very important and in some cases require
maintaining vintage systems intact.  We have seen this with 8 inch disks,
mag tapes and other media already.  Does anyone remember Micom or AES Word
Processors?

Cheers

-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@xxxxxxxx]
Sent: Thursday, June 14, 2001 5:57 AM
To: Bob Jueneman
Cc: ietf-pkix@xxxxxxx
Subject: Re: SV: Online Certificate Revocation Protocol



Bob,

(..)

> I really wasn't addressing the legal and/or technical requirements 
> for timestamping for certain  documents.  I think we all understand 
> what could and perhaps should be done, assuming the
> circumstances warrant it.

> Technically I agree with you -- it would be nice to be able to 
> confirm the validity of a certificate 15 years after the fact. 

I disagree with you. The right sentence should be:
"It would be nice to be able to confirm the validity of an 
*electronic signature * 15 years after the fact."

> But from a legal or business perspective, I would claim that is 
> pretty close to nonsense -- you simply aren't likely to get into 
> a dispute about whether a contract was signed properly 15 years 
> after the fact. 

It does make sense because someone will do an initial verification soon
after the signature has been generated and then the data captured at that
time will be re-used again to verify the signature later on.

Since the European Directive makes an electronic signature, *made under some
technical conditions*, equivalent to an handwritten signature, it is
necessary to be able to verify *again* such a signature as long as an
equivalent handwritten signature on the same type of transaction/document
can be verified. 

Denis

(remaining of the text deleted)

Prev by Date: RE: Online Certificate Revocation Protocol
Next by Date: Re: delta CRLs - NR assumptions
Previous by thread: RE: Online Certificate Revocation Protocol
Next by thread: RE: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread