Rich Salz <[EMAIL PROTECTED]> writes:
>Here's an interesting hypothesis that also touches on Perry's followup.
>Digital signature "laws" are the result of PKI vendors trying to create a
>market.

Just as the Utah digital signature law was also called the "Attorneys Full
Employment Act of 1997" I guess this one could be called the "PKI Vendors
Liquidity Assurance Act of 2000".

>Does anyone really need non-repudiation? Cf the IETF PKIX WG blowing up as
>they try to cram semantics into one bit (1<<6 I think) and then give up.

Actually the PKIX position AFAIK is that nonrepudiation has undefined semantics
(some good suggestions I've seen include renaming the flag the crimeFree bit -
this cert won't be used for fraudulent purposes - or requiring that issuers set
it to true or false at random to weed out implementations which incorrectly
assign some sort of meaning to it).

Peter.