[1] I think it's fair to say that the origins of the CA market were a case study in a pure anti-competitive market. Legislation was proposed and pushed through by CAs in some places that created a barrier to entry.
I don't buy this. Legislation was proposed to allow digital signatures to have legal equivalence to a witnessed pen and ink signature.
Originally, legislation was proposed (and passed) to have far more ramifications than just that. Certainly, "legal equivalence to a signature" was the headline intent, but it went way beyond that.
(We are talking circa 1994-95 here, so this is all ancient history. Its only place is in understanding the origins of protocol design around that time, as these forces were present and pervasive.)
Now, luckily, the whole concept was questioned, and the original "model legislation" fell out of favour. By 1997, most legislative researchers were aware of the debate, and legislatures passed something closer to useful, which is that "a digital signature should not be denied purely on the grounds that it is a digital signature." Those laws also often included a gap-filler clause that stated that the government had the authority to license CAs if it thought fit, but left all rules up to later. (I recall reading the California proposal; it was a page long.) This was quite wise, as it blocked any attempt to force through the franchise model at a later time.
(I do not recall what Bermuda's legislation said precisely, but I do recall that it had avoided the trap.)
> To do so, the CA needs to prove that the user has been properly authenticated, and that the CA operations are secure (ie fake IDs can't be generated).
Question is, does it work? That we can (and do) debate. A more precise question is whether this can be shown in court?
(It's now fairly well established in the crypto community that digital signatures are not acceptable, prima facie, as equivalent to the pen&ink human signature, and laws that try and enforce that won't survive in court. IOW, non-repudiability is now a repudiated concept.)
Is this a barrier to entry? Don't think so -- it makes the technology more useful.
The "deliberate" barrier to entry was the original model, not the later generations, which squashed the automatic creation of the franchise.
When I was researching this question over the weekend, I found one State's estimate that the cost to the CA of the original model was $3m, which rates as a barrier to entry, in my book.
iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
