Current law for agreements and contracts is based largely on the placement of a written signature on a paper document or a verbal agreement between parties who are satisfied that they can sufficiently identify one another. This is not satisfactory for deals in cyberspace, either in terms of validity of identification or repudiation of valid transactions. What is needed is an electronic signature system which is secure, flexible, acceptable and trusted. A small task group established under the auspices of the Standards Australia Joint Electrotechnology Policy Board is looking at a solution for Australia and this article is an attempt to give the story so far.
The Task Group is endeavouring to keep small for speed and is producing an implementation strategy document for a public key authentication framewwork (PKAF) for Australia. While the subject has been under discussion for a number of years, the work only came to the Task Group early in 1995. The group has been very sensitive to previous activities and accordingly is proposing the simplest possible system, designed to provide a framework in which users can have confidence and which initially avoids the "bells and whistles" which others may wish to add.
i. The key is for identification of a person or entity only and is not intended for encryption or any other purpose.
ii. The private key will only be accessible to the key owner.
iii. There will be no need for key escrow or similar key lodgement systems.
iv. Proof similar to that necessary to obtain a passport will be necessary for an individual to obtain a key and the cost of the service is expected to be similar.
v. The life of a key is expected to run from the time of issue till the public key is revoked by an entry in the Certificate Revocation List.
vi. There will be need for an enhanced legislative definition of "signature" which is used about 5000 times in existing legislation.
vii. That the whole system will depend on trust but that every effort should be made to reduce the possibilities for fraud, either in supply of keys or in their use.
viii. Other features may be combined with the system as commercial imperatives dictate and as users are prepared to accept.
ix. There will be a single, heirarchical, nationally recognised structure.
i. The first principle is fundamental in that we are intending merely that there will be an electronic certificate which links a specific name and a public key. This may be the name of an individual or an organisation. The individual will need to prove his/her identity to a level sufficient to obtain a passport (see principle iv.) in order to given an electronic identity. Companies will need to use appropriate company documentation to obtain a certificate. The use of aliases is not precluded nor will the issue of additional certificates conferring for example, a financial delegation. These will be issued by other authorities.
ii. Within the second principle is the proposal that the private key will be delivered in such a way that no-one other than the owner should be able to have access to it. It is envisaged that even the owner may never actually "see" the key. However, he/she will have the only means of generating it. If lost or compromised, it will have to be replaced with a new, different, key. The existing public key will remain available to ensure that all valid transactions (up till the key was revoked) can be cerified. Thereafter it will be archived.
iii. As this is an identity, there is no need for it to be other than with its owner. While the government may possess all details necessary to recreate a facsimile of a passport, there is an original signature which makes the passport unique.
iv. This principle is closely associated with (i) but also indicates that an electronic signature is not mandatory, and like a passport, need only be obtained by those who need one. The issuing fee would be similar which it is anticipated would mean that people will look after their signatures equally carefully.
v. Key life is expected to be about three to five years, depending on the trust which the algorithms and key lengths give. Where a single key is compromised, it will need to be replaced, but should an algorithm be discredited, then all keys will need replacement. As part of the process of keeping things simple, date stamping and notary services are not covered. However, there is nothing that prevents others from providing such services as extensions beyond the PKAF.
vi. The strategy document will cover aspects well beyond the bounds of a normal standards document by providing guidance for the legislation needed as well as a clear picture of what features the standard will need to cover.
vii. The framework will include policy directives requiring key issuers to take auditable steps which should provide confidence that security will not be breached. What the owner of an identity does with that identity is difficult to control. It is intended that use of an unrevoked electronic signature will constitute prima facie evidence that the action concerned was the responsibility of the owner of the signature.
viii. While other countries and groups seeking to establish similar systems are talking of associating other functions, it has been felt that simplicity will assist the scheme to commence. Extensions would then be paced to suit users and in line with commercial dictates of the service providers.
ix. A single recognised heirarchical national structure appears to offer the simplest sytem to provide for the necessary legilative adjustments as well as enabling the easiest establishment of the necessary bi-lateral recognition agreements with other PKAF systems in other regions of the world.
The draft standard proposes a `single, heirarchical, nationally recognised structure' (as described by Bob Lions) for digital signature validation, the elements of which can be summarised as follows (paraphrased courtesy of Robin Whittle):
* The peak national Policy And Root Registration Authority (PARRA) for
Australia will determine standards and certify ICAs. Legislation will give
digital signatures validated under the PARRA's system the same legal status as
handwritten signatures.
* There will be many Intermediate Certification Authorities (ICAs) which
meet all PARRA's requirements but have their own discretions and policies.
There might be a banking ICA, a defence ICA and one or more ICAs which
specialise in serving particular sectors of society. Australia Post, for
instance could be a major ICA - and has announced its `Key Post' service. An
ICA can directly sign Public Key Certificates or it can delegate to OCA's.
ICA's have a central role in providing Public Key Certificates on request.
* Under an ICA, there can be multiple Organisational Certification
Authorities (OCAs). which can also directly sign Public Key Certificates. OCAs
can have OCAs underneath them.
* Organisational Registration Authorities (ORAs) are like shop-fronts for
OCAs and ICAs - for example a local Australia Post Office. An ORA does not
itself sign the Public Key Certificates, but it acts as a conduit for these
activities.
A discussion of DR 96078 and an introduction to the concepts underlying digital signatures by Robin Whittle of First Principles Consulting can be found at http://www.ozemail.com.au/~firstpr/crypto/pkaf-1.htm An analysis of the privacy implications of the draft standard will appear in a later issue of PLPR.