[fc-discuss] Financial Cryptography Update: DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote
iang@iang.org
iang@iang.org
Mon, 23 Jan 2006 21:16:05 +0000 (GMT)
Financial Cryptography Update: DigSig News - Notaries apply for an old Franchise, Colorado does PK with BRNs, old anecdote
January 23, 2006
------------------------------------------------------------------------
https://www.financialcryptography.com/mt/archives/000637.html
------------------------------------------------------------------------
MIT and the National Notary Association released a white paper on how
to use notaries and digsigs. The press release is a curious throwback
to a decade ago where organisations aspirated deeply and warned that
unless something was done immediately, fire, flood and pestilance was
sure to strike eommerce.
http://www.marketwire.com/mw/release_html_b1?release_id=106617
========8<==========8<=======
Many paper-based transactions, from real estate conveyances to
international adoptions to last wills and testaments, are notarized in
order to prevent, detect and prosecute fraud. As government agencies
and industry move toward a complete paperless workflow, electronic
documents will need to receive the same level of security as their
paper counterparts. However, Greenwood warns that laws and regulations
to guide Notaries in the performance of electronic notarizations are
lacking and must be immediately addressed to ensure the protection of
property rights in the 21st century.
"Those who regulate Notaries Public would be derelict in their duty if
they failed to effect the rule-making necessary to transition to a
reliable system of e-notarization," Greenwood writes. "Failing to
exercise oversight and control in this area would be akin to failing to
provide and enforce safety rules for hydrogen or hybrid cars because
the new technology is different from the old."
======>8=========>8==========
Cryptographic digsigs work fine as indicators of human intent without
laws, without notaries, and without fuss, once you get into the core of
the application. On the other hand, a law put in place can set us back
a decade or more. One of the reasons why we do not see digsigs used
more often is because of the early franchise-building Utah models that
were popularised in the mid 90s.
To my knowledge, courts and lawyers have this all wrapped up as they
know that a signature is an _indicator of intent_, and the intent
rules, not the mark. Efforts to regulate this long-known legal
principle are therefore likely no more than franchise building, and
should be summarily rejected for what they are.
Luckily the PDF that Daniel Greenberg wrote is far more clear on what a
digital signature can be. Here's one fascinating snippet:
========8<==========8<=======
The state of Colorado has pioneered a simple but
effective solution to enable state regulation of electronic
notarization.26 It is called the Document Authentication
Number, or DAN, and works like this:
In Colorado, this is an eleven-digit accounting
number issued to each notary by the Secretary of
State’s accounting system. This number can be
accessed and referenced by anybody. Like a white
pages entry, it is unique but publicly accessible
identification. The number will be searchable online to
verify a notary’s name, commission number, commission
expiration date and other important information.
Second, each notary is issued multiple random
numbers generated by the Secretary of State, who
keeps a copy of each such number. Unlike the first
number, these are kept confidential. They should be
secured, just as is the notary’s seal for paper-and-ink
notarizations. One of these random, confidential
numbers is used by the notary to “brand” every discrete
eNotarization. The notary also has, associated with each
confidential number, the relevant data that appears on
the respective official seal, such as name, title,
jurisdiction and commission expiration date. When used
together, the Document Authentication Number and a
randomly generated number assigned by the Secretary
of State constitute the notary’s electronic signature for a
particular notarization.
In order to execute an eNotarization, the Colorado
notary would simply affix to the electronic document
both the private and public numbers, along with the
pertinent commission information. This could be done
by manually “copying and pasting” the data from a
document or spreadsheet or through easy-to-use
software. Thereby, the notary has tied the document to
the electronic notary signature. In effect, an electronic
notarization has occurred.
======>8=========>8==========
Nice! Public / private digital signatures with just a bunch of big
random numbers (BRNs). That shows extraordinary flair by Colorado, and
one wonders how they managed to slip that one past all the franchise
builders, cryptography guildsmen and other worryworts.
I was reminded last night of an anecdote about digsig laws. Some years
ago, I was asked to (informally) advise a small nation on digital
signatures. I read the two page draft law, and said, that's fine, but
you don't need that, and here's why... (Insert blah blah here as
above.)
It was then explained to me that the purpose of the law was not to
regulate digital signatures, but to fill the spot, as a certain other
friendly but elderly country of masculine sibling nature was pushing to
put in place a regime of another sort. This action was recognised as a
complete agenda push by the helpful elder sibling, and therefore a
defensive action was needed: "we already have a digsig law, thanks, we
don't need yours."
At which point I then understood. Fine, put in place your digsig laws,
but stick to the tiny model: a digital signature should not be
rejected by courts solely on the basis that it is a digital signature.
End of story. Meanwhile, let the private sector get on with working
out how to do this.
--
Powered by Movable Type
Version 2.64
http://www.movabletype.org/