From: Stanton McCandlish <mech@eff.org>
To: eff-activists@eff.org
Message Hash: d1f981f06d049ff9eee19ec4ece7663aeacb8a9a8a41044f91af414ef4b902d0
Message ID: <199408041740.NAA19691@eff.org>
Reply To: N/A
UTC Datetime: 1994-08-04 17:41:24 UTC
Raw Date: Thu, 4 Aug 94 10:41:24 PDT
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 4 Aug 94 10:41:24 PDT
To: eff-activists@eff.org
Subject: USPS digital signature announcement
Message-ID: <199408041740.NAA19691@eff.org>
MIME-Version: 1.0
Content-Type: text/plain

[This is just an informational forward, and does not represent official EFF
positions or statements in any way.]

Forwarded message:

Date: Thu, 4 Aug 1994 10:46:48 -0400
From: cmerri01@reach.com (Charles Merrill -- McCarter ^ English - Newark )
Subject: USPS Elec Comm Serv

Quebec City, Canada, August 3, 1994--The U.S. Postal Service has
dramatically increased its commitment to the security of
communications on the NII, with the announcement of Postal
Electronic Commerce Services ("Postal ECS"), which will offer a
nationwide public key certification service for the authentication
of digital signatures used in paperless electronic commerce.

Richard Rothwell, Senior Director of Technology Integration for the
USPS, officially released the news today in Quebec City, in a paper
delivered to an international working group of the Information
Security Committee of the American Bar Association's Section of
Science and Technology, which has been developing guidelines for
public key certification authorities.

"Our initial implementation is based on the Digital Signature
Standard (DSS) Algorithm set; but our plan is to support other
cryptographic options such as RSA in the near future," Rothwell
said.

Public key digital signatures serve to authenticate the originator
of a digital communication, validate the integrity of the message,
fix the time and date of the message, and prevent the sender from
subsequently repudiating the communication - all features which are
critical to increasing trust in electronic commerce.

The full text of the USPS announcement on Postal ECS follows, which
may be duplicated and disseminated widely, so long as the entire
text is included.

Address to Information Security Committee, EDI/IT Division
American Bar Association Section of Science and Technology
Quebec City, Canada, August 3, 1994

GOOD AFTERNOON

MY NAME IS RICHARD ROTHWELL. I AM SENIOR DIRECTOR OF TECHNOLOGY
INTEGRATION FOR THE UNITED STATES POSTAL SERVICE.
I DOUBT THERE ARE MANY GROUPS MORE AWARE OF THE SWEEPING CHANGES
TAKING PLACE IN COMMUNICATIONS THAN THIS ONE, OR HOW THOSE
CHANGES AFFECT THE WAY THAT ALL OF US WILL DO BUSINESS IN THE
FUTURE. TODAY I WANT TO SHARE WITH YOU MY THOUGHTS ON THE ROLE
OF THE POSTAL SERVICE IN THIS NEW AGE, AND PARTICULARLY, THE ROLE
THAT WE ARE BEING ASKED TO ASSUME IN HELPING TO FACILITATE THE
EMERGING WORLD OF ELECTRONIC COMMERCE.
THE POSTAL SERVICE WAS ESTABLISHED, AT THE BIRTH OF THE UNITED
STATES, WITH THE MISSION OF BINDING TOGETHER A DIVERSE AND
FAR-FLUNG NATION THROUGH THE CORRESPONDENCE OF THE PEOPLE. IT WAS,
AND IS, A BROAD-BASED MISSION. OVER A CENTURY AGO, THEN ACTING
ATTORNEY GENERAL WILLIAM HOWARD TAFT WROTE THAT "THE MAKERS OF
THE CONSTITUTION ... HAD IN MIND THE COMPREHENSIVE VIEW WHICH
REGARDED POST OFFICES ... AS INSTRUMENTS FOR THE TRANSMISSION OF
INTELLIGENCE," A MISSION THEY EXPRESSED "IN VERY COMPREHENSIVE
TERMS..." TODAY WE ARE BEING ASKED BY OUR CUSTOMERS TO CONSIDER
NEW WAYS OF CARRYING OUT THIS MISSION. TODAY WE LIVE IN A
COMPLEX, COST CONSCIOUS, INTERDEPENDENT SOCIETY WHICH IS
DEVELOPING NEW ELECTRONIC COMMUNICATION SYSTEMS AND RE-INVENTING
COMMERCIAL PRACTICES. FOR MANY APPLICATIONS, THE NEW
EFFICIENCIES OF ELECTRONIC DATA COMMUNICATION, THE BENEFITS THAT
IT HAS PROVIDED TO ITS EARLY ADOPTERS, AND THE COMPETITIVE
PRESSURES THAT THIS EVOLUTION HAS CREATED ARE DRIVING
CORPORATIONS, GOVERNMENTS, AND INDIVIDUALS TO EXPLORE NEW WAYS OF
CONDUCTING BUSINESS, AND SERVING THEIR CUSTOMERS AND
CONSTITUENTS.
YET, AS MANY EXPERTS HAVE NOTED, INCLUDING MANY OF YOU IN THIS
ROOM, DIGITAL FILES AS A RULE ARE NEITHER AS SECURE NOR AS
RELIABLE AS THEIR PAPER COUNTERPARTS. DIGITAL FILES ARE DESIGNED
TO BE EASILY MANIPULATED BY USERS ON DIFFERENT COMPUTERS. THIS
IS, OF COURSE, AN ESSENTIAL ELEMENT OF THE EFFICIENCY THAT
ELECTRONIC COMMERCE CONVEYS. BUT WITHOUT SOME METHOD OF SEALING
A DIGITAL FILE TO ESTABLISH ITS CONTENTS, AUTHOR, AND TIME OF
TRANSMITTAL, THE BENEFITS OF ELECTRONIC COMMERCE WILL INEVITABLY
BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN PARTIES THAT
KNOW AND TRUST ONE ANOTHER. SUCH LIMITS WILL SEVERELY CONSTRAIN
OR WIPE OUT THE BENEFITS OF ELECTRONIC DATA INTERCHANGE. A
RECENT ARTICLE IN GOVERNMENT COMPUTER NEWS NOTED THAT THE USE OF
TRADING PARTNER AGREEMENTS TO STRUCTURE EDI AGREEMENTS COULD
REQUIRE THE SERVICES OF HUNDREDS OF LAWYERS TO NEGOTIATE, WRITE,
AND ARGUE ABOUT THE AGREEMENTS JUST FOR GOVERNMENT PROCUREMENT.
THIS IS EVIDENCE OF THE GREAT DEGREE OF TRANSACTIONAL FRICTION
THAT MUST INEVITABLY ACCOMPANY SUCH AN APPROACH.
IF ELECTRONIC COMMERCE IS NOT GOING TO BE LIMITED TO HIGHLY
STRUCTURED TRANSACTIONS BETWEEN WELL KNOWN AND TRUSTED PARTIES,
OTHER SOLUTIONS MUST BE DEVELOPED TO CREATE AN EFFECTIVE LEGAL
FRAMEWORK AND ELECTRONIC INFRASTRUCTURE. ELECTRONIC
COMMUNICATION MEDIA CANNOT BECOME A RELIABLE BASIS FOR WIDESPREAD
BUSINESS USE WITHOUT A TRUSTED METHOD OF SEALING DIGITAL
CONTENTS, VERIFYING THE PARTIES INVOLVED, AND ESTABLISHING AN
OFFICIAL DATE AND TIME FOR THE TRANSACTION.
GOVERNMENT HAS SIMILAR NEEDS. TRUST AND SECURITY ARE ESSENTIAL
TO THE SUCCESS OF THE NATIONAL INFORMATION INFRASTRUCTURE, THE
REFORM OF GOVERNMENT PERFORMANCE, AND A NUMBER OF OTHER CRITICAL
FUNCTIONS, SUCH AS THE IMPLEMENTATION OF HEALTH CARE REFORM.
PERSONAL, EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE
TRAVELING ON THE INFORMATION SUPERHIGHWAY MUST BE ELECTRONICALLY
GUARDED SO THAT ALL CITIZENS ARE REASONABLY ASSURED OF THE
INTEGRITY OF THEIR RECORDS. THE TIMELY DELIVERY OF IMPORTANT
ELECTRONIC INFORMATION, AND THE IDENTITY AND AUTHORITY OF THE
PEOPLE WITH WHOM THEY COMMUNICATE ARE EQUALLY IMPORTANT. WITHOUT
TRUST AND SECURITY, ALL OF THE SUPERCOMPUTERS AND ALL OF THE
HIGH-SPEED NETWORKS IN THE WORLD CANNOT MAKE THE N.I.I. SUCCEED
ON THE BROAD FUNCTIONAL BASIS FOR WHICH IT WAS CONCEIVED.
AS ONE OF THE NATION'S LARGEST ORGANIZATIONS, THE UNITED STATES
POSTAL SERVICE SHARES MANY OF THE CONCERNS OF BOTH BUSINESS AND
GOVERNMENT. THE POSTAL SERVICE MUST MANAGE TRANSACTIONS WITH
THOUSANDS OF ORGANIZATIONS ON A DAILY BASIS IN THE PROCESS OF
ANNUALLY DOING $49 BILLION OF BUSINESS MOVING 171 BILLION PIECES
OF MAIL. BUT OUR CONCERNS ARE NO DIFFERENT FROM THOSE OF ANY
LARGE ENTERPRISE IN THE WORLD TODAY TRYING TO MAKE ITS OPERATIONS
MORE EFFICIENT.
THERE ARE NOT LIKELY TO BE MANY IN THIS ROOM WHO DO NOT BELIEVE
IN THE NEED FOR A MECHANISM FOR ESTABLISHING THE RELIABILITY OF
AN ELECTRONIC TRANSMISSION, AND BINDING AN INDIVIDUAL TO IT. I
THEREFORE DO NOT BELIEVE THAT IT WILL BE NECESSARY TO CONDUCT A
DETAILED EXPLORATION OF THE ADVANTAGES OF BUILDING A PUBLIC KEY
INFRASTRUCTURE AS A SOLUTION TO THE TECHNICAL PROBLEMS OF
PROVIDING SECURITY FOR ELECTRONIC DOCUMENTS. WHAT I WILL TALK TO
YOU ABOUT IS THE ROLE THE POSTAL SERVICE CAN PLAY IN PROVIDING
THESE TECHNICAL SOLUTIONS WHERE THEY ARE NEEDED.
THERE ARE SEVERAL REASONS WHY THE POSTAL SERVICE IS DEVELOPING
PLATFORMS FOR PROVIDING SOLUTIONS TO THESE PROBLEMS. FIRST, OUR
GENERAL DUTY TO "BIND THE NATION TOGETHER THROUGH THE PERSONAL,
EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE OF THE PEOPLE"
HAS TAKEN ON NEW MEANING NOW THAT A HYBRID INFORMATION HIGHWAY,
PART PAPER AND PART ELECTRONIC, HAS BECOME A REALITY AND WILL
CONTINUE TO BE FOR AT LEAST THE NEXT DECADE. SECOND, NOT
SURPRISINGLY, OUR CUSTOMERS ARE ASKING US TO PLAY AN EXPANDED
ROLE IN FACILITATING PAPER AND ELECTRONIC COMMERCE BECAUSE WE
HAVE UNIQUE LEGAL AND INSTITUTIONAL RESOURCES TO ACCOMPLISH THE
TASK. AND THIRD, WE HAVE TO DEVELOP ELECTRONIC SERVICES TO MEET
OUR CUSTOMERS' NEEDS FOR FASTER, MORE EFFICIENT HANDLING OF THEIR
PRODUCTS.
A CORE FUNCTION OF THE POSTAL SERVICE WILL REMAIN THE
TRANSMISSION OF HARD COPY MESSAGES TO AND FROM RESIDENCES AND
BUSINESSES IN AMERICA. AS I'VE NOTED, THAT FUNCTION FLOWS OUT OF
OUR CORE MISSION TO BIND THE NATION TOGETHER. THE POSTAL SERVICE
HAS OTHER MISSIONS AS WELL. WE ARE TASKED TO PROVIDE SERVICE ON
A UNIVERSAL BASIS TO PATRONS IN ALL AREAS AND TO ALL COMMUNITIES.
WE ARE REQUIRED TO USE EVERY EFFORT TO PROVIDE EFFICIENT AND
EXPEDITIOUS DELIVERY OF CORRESPONDENCE. WE ARE CHARGED WITH
PROTECTING THE PRIVACY OF POSTAL CUSTOMERS AND MAY NOT MAKE
AVAILABLE TO THE PUBLIC BY ANY MEANS OR FOR ANY PURPOSE ANY
MAILING OR OTHER LIST OF NAMES OR ADDRESSES, PAST OR PRESENT, OF
POSTAL PATRONS OR OTHER PERSONS. AND WE ARE CHARGED WITH
MAINTAINING THE SECURITY AND INTEGRITY OF THE MAILS, AND
INVESTIGATING POSTAL OFFENSES AND CIVIL MATTERS RELATING TO THE
POSTAL SERVICE.
AS A CONSEQUENCE OF THESE MISSIONS, THE POSTAL SERVICE HAS AT
LEAST THREE ASSETS WHICH MAKE US A LIKELY CANDIDATE TO PLAY A
ROLE IN THIS EMERGING FIELD. FIRST, THE POSTAL SERVICE ALREADY
HAS MUCH OF THE LEGAL AND INSTITUTIONAL INFRASTRUCTURE NECESSARY
TO ASSIST IN THE DEVELOPMENT OF WIDESPREAD ELECTRONIC COMMERCE.
SECOND, OUR SIZE AND WIDELY DISTRIBUTED RESOURCES GIVE US THE
PRACTICAL TOOLS TO PROVIDE A MUCH-NEEDED SERVICE ON A UNIVERSAL
BASIS. THIRD, WE ARE UNIQUELY SITUATED TO PROTECT CORE VALUES
SUCH AS SECURITY AND INDIVIDUAL PRIVACY AS WELL AS UNIVERSAL
ACCESS TO THE TOOLS OF ELECTRONIC COMMERCE.
LET ME DISCUSS THESE ONE AT A TIME.
FIRST, THE POSTAL SERVICE HAS THE LEGAL STRUCTURE TO PERFORM THE
DUTIES OF MANAGING A CERTIFICATE AUTHORITY. THE POST OFFICE WAS
ORIGINALLY ESTABLISHED BY THE CONTINENTAL CONGRESS AS THE UNITED
STATES' FIRST INFORMATION HIGHWAY. FOR OVER TWO HUNDRED YEARS, A
SOPHISTICATED REGIME OF STATUTES, REGULATIONS, AND POLICIES HAS
DEVELOPED TO PROVIDE THE INFRASTRUCTURE WHICH ENABLES SECURE,
EFFICIENT, AND INEXPENSIVE TRANSMISSION OF PAPER COMMUNICATIONS.
FOR 200 YEARS, THE UNITED STATES POSTAL SERVICE HAS CERTIFIED
MAIL, SEALED IT WITH THE POWER AND AUTHORITY OF LAW, PROVIDED
RESPONSIBLE AND TIMELY MAIL DELIVERY, AND INSURED PATRONS AGAINST
LOSS OR THEFT. A RELIABLE AND TRUSTED MAIL SYSTEM REMARKABLY
FREE OF CORRUPTION OR ABUSE HAS ACCOMPANIED THE DEVELOPMENT OF A
SYSTEM OF COMMERCE IN THE UNITED STATES WHICH IS SECOND TO NONE
IN THE WORLD.
FOR HARDCOPY COMMUNICATIONS, THE LEGAL FRAMEWORK IS ALREADY IN
PLACE TO HANDLE ISSUES SUCH AS LIABILITY, INDEMNITY,
CONFIDENTIALITY, FRAUDULENT USE, THEFT, DEFINITE DATING, ETC. A
SIMILAR FRAMEWORK WILL BE REQUIRED TO SUPPORT ELECTRONIC
COMMERCE. CUSTOMERS HAVE SUGGESTED THAT THE POSTAL SERVICE MAY
BE IN A UNIQUE POSITION TO PROVIDE PART OF THAT STRUCTURE. FOR
EXAMPLE, SOME CUSTOMERS HAVE SUGGESTED THAT THEY ARE CONCERNED
WITH THEIR OWN CAPACITY TO HANDLE LIABILITY ISSUES, AND THAT THE
POSTAL SERVICE PROVIDES A READY-MADE SOLUTION TO THIS PROBLEM.
OTHERS HAVE EXPRESSED CONCERN ABOUT THE CONFIDENTIALITY PROBLEMS
INHERENT IN DEALING WITH OTHER COMPANIES, WHILE STILL OTHERS HAVE
ASKED FOR A REGIME FOR CONTROLLING FRAUD WHICH IS AS STRONG AND
CONVENIENT AS THAT IN PLACE FOR MAIL FRAUD. THUS, THE STRONG
LEGAL FRAMEWORK ESTABLISHED FOR HANDLING PAPER COMMUNICATIONS CAN
PROVIDE SIMILAR BENEFITS FOR ELECTRONIC COMMERCE.
SECOND, OUR CUSTOMERS ARE ASKING FOR OUR ASSISTANCE IN THIS AREA
BECAUSE WE HAVE UNIQUE PRACTICAL ASSETS, INCLUDING:

     THE 40,000 RETAIL FACILITIES DISTRIBUTED NATIONWIDE

     UNIVERSAL PRESENCE AND THE CAPACITY TO ACHIEVE
     SIGNIFICANT SCALE

     THE RESOURCES OF AN EXISTING NATIONAL INFORMATION
     INFRASTRUCTURE

     A VERY STRONG VERIFICATION PROCESS CURRENTLY USED FOR
     PASSPORTS, THAT INVOLVES PROOF OF ID AND OTHER
     INFORMATION TO A FEDERAL EMPLOYEE.

     THE EXPERIENCE, POLICIES, AND ABILITY TO ARCHIVE
     RECORDS WITHOUT RISK THAT THEY WOULD BE USED FOR
     COLLATERAL COMMERCIAL PURPOSES.

THE POSTAL SERVICE IS ALSO A REMARKABLY LONG-LIVED ORGANIZATION,
AND THOSE OF YOU WHO HAVE STRUGGLED WITH ARCHIVING POLICIES WILL
RECOGNIZE THAT TO BE AN IMPORTANT ADVANTAGE. AS BOB JUENEMAN HAS
SAID ON THE INTERNET, "CERTIFICATES 'R US" MAY BE GONE TOMORROW.
IF YOU HAVE TO PROVE THAT A CERTIFICATE WAS REGISTERED ON A
CERTAIN DATE, AND YOU ARE SEEKING AN APPROPRIATE ARCHIVING
FACILITY, YOU CAN HAVE CONFIDENCE THE POSTAL SERVICE WILL STILL
BE AROUND TO SUPPORT YOUR REQUEST.
A THIRD STRENGTH THE POSTAL SERVICE BRINGS TO ENABLING ELECTRONIC
COMMERCE, AND ANOTHER REASON THAT OUR CUSTOMERS HAVE ASKED FOR
HELP, IS OUR CAPACITY TO CREATE CERTIFICATE MANAGEMENT SYSTEMS
THAT CAN REACH VIRTUALLY EVERY COMMUNITY IN AMERICA, BECAUSE WE
ALREADY HAVE A SUBSTANTIAL PRESENCE IN THOSE COMMUNITIES. WE CAN
THEREFORE PROVIDE A SOLUTION TO THE QUESTION OF HOW TO PUT THE
TOOLS OF ELECTRONIC COMMERCE, SUCH AS CERTIFICATES, INTO THE
HANDS OF EVERYONE. THERE ARE MANY OBSTACLES TO PREVENT CITIZENS
FROM TAKING ADVANTAGE OF THE BENEFITS OF ELECTRONIC COMMERCE.
CURRENTLY THERE ARE TECHNOLOGICAL, GEOGRAPHIC, ECONOMIC, AND
KNOWLEDGE BARRIERS WHICH PREVENT PEOPLE FROM PARTICIPATING IN THE
BENEFITS OF ELECTRONIC COMMERCE. TO PROVIDE UNIVERSAL SERVICE TO
ELECTRONIC COMMERCE WE MUST PROVIDE ACCESS WHICH IS UNIVERSALLY
USABLE AND UBIQUITOUS AND SCALABLE. BY PROVIDING A SOLUTION TO
SOME OF THESE ACCESS PROBLEMS, THE POSTAL SERVICE MAY HAVE AN
IMPORTANT ROLE TO PLAY IN ENSURING THAT FUTURE COMMUNICATIONS IN
AMERICA PROVIDE A CONTINUING FRAMEWORK FOR SUSTAINING A
DEMOCRATIC, PARTICIPATORY SOCIETY.
THUS, MANY OF THE INSTITUTIONAL FEATURES NEEDED BY AN ENTITY
WISHING TO TAKE PART IN CERTIFICATE ISSUANCE AND MANAGEMENT
ALREADY EXIST IN THE UNITED STATES POSTAL SERVICE. THE POSTAL
SERVICE WAS ESTABLISHED TO PROVIDE VERY SIMILAR SERVICES FOR THE
SUPPORT OF CORRESPONDENCE WHEN THE PHYSICAL FRONTIER WAS CHAOTIC
AND HARD TO REACH. IT IS READY TO PROVIDE SIMILAR SERVICES ON
THE ELECTRONIC FRONTIER.
AS THE POSTMASTER GENERAL HAS INFORMED CONGRESS, WE ARE ACTIVELY
SUPPORTING THE DEVELOPMENT OF THE N.I.I. TO FACILITATE THE
DEVELOPMENT OF OUR OWN BUSINESS AND TO HELP US CARRY OUT OUR
MISSION. ON MARCH 24, THE POSTMASTER GENERAL TESTIFIED BEFORE
THE SENATE AFFAIRS COMMITTEE THAT "WORKING WITH OTHER FEDERAL
AGENCIES, WE MAY BE ABLE TO DEVELOP AN ELECTRONIC COMMERCE
SYSTEM." HE ALSO NOTED THAT, THROUGH THE DEVELOPMENT OF A KIOSK
PROGRAM THAT MIGHT CARRY OUT POSTAL TRANSACTIONS AND PERHAPS ALSO
DISSEMINATE INFORMATION FROM OTHER AGENCIES, OUR POSTAL LOBBIES
COULD BECOME "ON-RAMPS" TO THE ELECTRONIC SUPER HIGHWAY.
THE POSTMASTER GENERAL HIGHLIGHTED TWO IMPORTANT AREAS IN WHICH
THE POSTAL SERVICE MAY BE HELPFUL: SERVING THE REQUIREMENTS OF
OTHER GOVERNMENT AGENCIES, AND PROVIDING UNIVERSAL SERVICE TO
THOSE CITIZENS WHO ARE IN DANGER OF BEING LEFT OUT OF THE
INFORMATION REVOLUTION. TO THESE HE MIGHT HAVE ADDED A THIRD,
EQUALLY IMPORTANT AREA: PROTECTING THE PRIVACY OF AMERICAN
CITIZENS. THIS CONCERN IS DEEPLY EMBEDDED IN POSTAL TRADITION
AND STATUTE. WHEN WE SPEAK OF THE SECURITY OF ELECTRONIC
COMMERCE WE SHOULD NOT MISS THE WAY IN WHICH COMMERCIAL SECURITY
AND INDIVIDUAL PRIVACY ARE INTERCONNECTED CONCEPTS.
WHILE IT IS TOO EARLY TO KNOW WHAT PRECISELY LIES AHEAD, LET ME
SHARE WITH YOU A GENERAL DESCRIPTION OF THE SYSTEMS WE ARE
DEVELOPING, BOTH FOR OUR OWN USE AND FOR THAT OF OUR CUSTOMERS.
THE POSTAL SERVICE IS USING PUBLIC KEY ENCRYPTION TECHNOLOGY, AND
RELATED TECHNOLOGIES, TO DEVELOP A PUBLIC KEY CERTIFICATION
AUTHORITY AND A SET OF ASSOCIATED TRUSTED THIRD PARTY SERVICES
WHICH WE CALL POSTAL ELECTRONIC COMMERCE SERVICES (POSTAL ECS).
WHEN INITIALLY DEPLOYED, POSTAL ECS WILL PROVIDE A BASIS FOR
ELECTRONIC ASSURANCES WITHIN AND AMONG GOVERNMENT AGENCIES, AND
BETWEEN GOVERNMENT AGENCIES AND THEIR CONSTITUENTS. IN
PARTICULAR, THE POSTAL SERVICE HAS DEVELOPED THE ABILITY TO:

     ISSUE PUBLIC KEY CERTIFICATES AND STORE THEM IN A
     PUBLIC DIRECTORY;

     PROVIDE FOR THE "SEALING" OF SELECTED DOCUMENTS OR
     OTHER ELECTRONIC OBJECTS AND ASSOCIATING THEM WITH A
     DIGITAL SIGNATURE AND A TRUSTED TIME AND DATE STAMP;

     PROVIDE SERVICES FOR PUBLIC KEY CERTIFICATE PUBLICATION
     AND REVOCATION; AND,

     PROVIDE THE ABILITY TO ENCRYPT CONFIDENTIAL INFORMATION
     MOVING BETWEEN THE USER ENVIRONMENT AND THE POSTAL ECS
     MANAGEMENT SYSTEM.

     FINALLY, PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES
     AND THEIR STATUS.

THE CERTIFICATION AUTHORITY WILL ISSUE AND MANAGE X.509 PUBLIC
KEY CERTIFICATES CONTAINING A PERSON'S X.500 DISTINGUISHED NAME,
PUBLIC KEY, AND OTHER IDENTIFYING INFORMATION. USERS CAN THEN
RETRIEVE A CERTIFICATE FROM THE POSTAL SERVICE, AND USE ITS
PUBLIC KEY TO AUTHENTICATE A DIGITAL SIGNATURE GENERATED BY THE
COMPLEMENTARY PRIVATE KEY.
THE CORRESPONDENCE SERVICE PROVIDED BY THE SYSTEM IS THE POSTAL
ECS SEAL WHICH PROVIDES USERS WITH A VALIDATION OF THE ORIGINATOR
BASED ON HIS OR HER DIGITAL SIGNATURE. WE ALSO PROVIDE A POSTAL
SERVICE DIGITAL SIGNATURE ON THE DIGEST OF AN ELECTRONIC OBJECT
THAT ASSURES THAT IT CANNOT BE CHANGED WITHOUT DETECTION. WE
ALSO PROVIDE THE POSTAL SERVICE DIGITAL SIGNATURE ON A DATE AND
TIME STAMP THAT WE SUPPLY TO ENABLE PROOF OF EXISTENCE AT A POINT
IN TIME AND WE PROVIDE ARCHIVING FOR THOSE DATE AND TIME STAMPS.
FINALLY, WE PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND
THEIR STATUS. THIS ALLOWS A USER TO GET UP-TO-DATE INFORMATION
ON THE VALIDITY OF CERTIFICATES, AND REMOVES THE NEED FOR USERS
TO MAINTAIN THEIR OWN CERTIFICATE REVOCATION LISTS.
THE POSTAL SERVICE HAS IMPLEMENTED THE CERTIFICATE AUTHORITY
SERVICES, THE CORRESPONDENCE SERVICES AND THE SUPPORTING
DIRECTORY ON A HOST COMPUTER SYSTEM IN ONE OF OUR MAJOR
PRODUCTION DATA CENTERS. WE HAVE ALSO DEVELOPED THREE POSTAL
SERVICE-LICENSED USER AGENTS AS REFERENCE MODELS TO BE INSTALLED
ON END USER WORKSTATIONS THAT WILL PROVIDE ACCESS TO POSTAL ECS
SERVICES. THEY RUN ON MICROSOFT WINDOWS-BASED PC'S AND ACCESS
POSTAL ECS SERVICES VIA E-MAIL (EITHER INTERNET OR X.400). WE
ARE ALSO WORKING ON AN INTERACTIVE DIAL-UP COMMUNICATION
ALTERNATIVE AND EXPECT THIS TO BE AVAILABLE SHORTLY.
THESE USER AGENTS CONTAIN STANDARD PROGRAMMING INTERFACES THAT
LINK USER APPLICATIONS, CRYPTOGRAPHIC ROUTINES, AND ECS SERVICES
TOGETHER. OUR INITIAL IMPLEMENTATION IS BASED ON THE DIGITAL
SIGNATURE STANDARD (DSS) ALGORITHM SET; BUT OUR PLAN IS TO
SUPPORT OTHER CRYPTOGRAPHIC OPTIONS SUCH AS RSA IN THE NEAR
FUTURE.
WE ARE NOW MOVING FROM DEVELOPMENTAL WORK TO ACTUAL PROOF OF
CONCEPT PILOT TESTING OF THESE SERVICES BOTH INTERNALLY IN THE
USPS AND WITH OUR GOVERNMENT AGENCY PARTNERS. OUR PLANS WILL
EVOLVE AS WE GAIN EXPERIENCE FROM THESE INITIAL PILOT TESTS AND
CONTINUE TO TALK WITH CUSTOMERS, AND EXPERTS IN ENCRYPTION,
SOFTWARE DEVELOPMENT, AND COMPUTER SCIENCE. WE HAVE SHARED OUR
PLANS WITH CONGRESS, THE ADMINISTRATION, AND THE MEDIA. AND WE
HAVE ASKED OURSELVES THREE KEY QUESTIONS:

     IS THIS INITIATIVE CRITICAL TO OUR MISSION AND OUR
     RESPONSIBILITY TO THE PUBLIC?

     DO OUR CUSTOMERS HAVE A NEED FOR OUR PARTICIPATION?
     AND,

     WOULD THE COSTS OF PROVIDING THESE SERVICES BE BALANCED
     BY POTENTIAL REVENUES?

CERTAINLY THE RESPONSES THAT WE HAVE RECEIVED TO DATE MORE THAN
JUSTIFY OUR VIEW THAT THIS IS AN AREA IN WHICH WE SHOULD
CONTINUE TO BE AN ACTIVE PARTICIPANT.
BEFORE CONCLUDING, LET ME DIRECTLY ADDRESS A CONTROVERSIAL
PHILOSOPHICAL DISCUSSION ABOUT CERTIFICATE MANAGEMENT SO YOU CAN
UNDERSTAND WHAT WE SEE AS THE FUTURE WORLD OF ELECTRONIC
COMMERCE. THERE HAS BEEN A GREAT DEAL OF DEBATE ABOUT THE
RELATIVE ADVANTAGES OF HIERARCHICAL VERSUS PEER-TO-PEER OR ONE-LEVEL
MODELS FOR MANAGEMENT OF DIGITAL SIGNATURE. TO SOME
EXTENT, I BELIEVE THIS DEBATE MISSES THE POINT. THE SYSTEM FOR
MANAGING X.500 CERTIFICATES THAT WILL EVENTUALLY BE ADOPTED WILL
BE ADOPTED ONLY BECAUSE IT MEETS THE BUSINESS NEEDS OF THE USERS.
BECAUSE THE COMPLEX COMMUNICATION NEEDS OF THE FUTURE WILL
REQUIRE FLEXIBILITY TO MEET INDIVIDUAL DESIRES, SOME MIX OF
HIERARCHICAL AND PEER-TO-PEER OR FLAT MANAGEMENT SCHEMES WILL BE
ADOPTED.
WHAT THE RECIPIENT OF AN ELECTRONIC DOCUMENT SIGNED WITH A
DIGITAL SIGNATURE NEEDS TO KNOW IS HOW MUCH WEIGHT TO GIVE THAT
SIGNATURE -- OR, IN OTHER WORDS, WHAT ACTIONS TO TAKE BASED ON AN
EVALUATION OF THE SENDER. THIS IS EXACTLY THE SAME THING THAT IS
DECIDED EVERY DAY BY PEOPLE -- SHOULD WE SELL SECURITIES TO A
VOICE OVER THE PHONE? SHOULD WE PLACE AN ORDER WITH A NEW
SALESMAN? GIVEN THE INFINITE VARIETY OF POSSIBLE TRANSACTIONS
AND ENCOUNTERS, THERE IS NO POINT IN TRYING TO IMPOSE ON
ELECTRONIC TRANSACTIONS A SINGLE PARADIGM FOR AUTHENTICATION.
DIFFERENT LEVELS OF ASSURANCE, AND DIFFERENT ARCHITECTURES, WILL
BE NECESSARY FOR DIFFERENT USES. WHAT IS IMPORTANT IS THAT THE
PARTIES TO THE TRANSACTION ARE AWARE OF THE LEVEL OF ASSURANCE
PROVIDED.
THE POSTAL SERVICE CAN BE OF ASSISTANCE IN FILLING SOME SPECIFIC
NEEDS IN THE CERTIFICATE ARENA, BUT IT HAS NO INTENTION OF
CONTROLLING OR DOMINATING THAT ARENA. FOR THE NEAR FUTURE THE
UNIVERSE OF ELECTRONIC COMMERCE WILL CONTINUE TO HAVE MANY
DIFFERENT GALAXIES. MANY VARYING CONCEPTS AND SERVICES WILL BE
ABLE TO MAKE VALUABLE CONTRIBUTIONS. MANY OTHER ENTITIES WILL
PROVIDE SERVICES IN THIS AREA: AS VICE PRESIDENT GORE HAS NOTED
IN NUMEROUS SPEECHES, THERE IS A ROLE FOR BOTH PRIVATE AND PUBLIC
ENTITIES. WE PLAN TO PROVIDE SERVICES BASED UPON IDENTIFIED
NEEDS, WHICH CUSTOMERS WILL DECIDE WHETHER OR NOT THEY WILL USE.
IN KEEPING WITH THE PHILOSOPHY I HAVE ARTICULATED, LET ME SAY
THAT THE POSTAL SERVICE, IN ANY DEVELOPMENT OF THESE PRODUCTS,
INTENDS TO SUPPORT MULTIPLE CRYPTOGRAPHIC PRODUCTS IN THE MARKET
PLACE. IN ADDITION, WE WILL NOT COMPETE WITH NETWORK SERVICE
PROVIDERS, NOR WILL WE BECOME A NETWORK OR CARRIER.
IN DEVELOPING THESE SERVICES, WE ARE KEENLY INTERESTED IN THE
WORK OF THIS GROUP. WHILE THE TECHNOLOGY AND SCALE ISSUES SEEM
TO US TO BE MANAGEABLE, WE RECOGNIZE THAT THERE ARE STILL MANY
LEGAL QUESTIONS CONCERNING THE WAY IN WHICH THE DESIGN OF A
PUBLIC KEY INFRASTRUCTURE MANAGEMENT SERVICE MIGHT BEST WORK.
THE LIABILITY ISSUES ARE NOT YET COMPLETELY CLEAR, AND THE DUTIES
OF EACH ENTITY IN SUCH AN INFRASTRUCTURE NEED TO BE ARTICULATED.
AS CUSTOMERS SEEK OUR SERVICES, WE WILL HAVE TO FACE QUESTIONS OF
SCALABILITY, INVESTMENT, AND THE REGULATORY ISSUES ASSOCIATED
WITH THE INTRODUCTION OF A NEW SERVICE. CAN THE SERVICE BE
MANAGED? WHAT INVESTMENT WILL BE REQUIRED? HOW WILL REGULATORS
HAVE US PRESENT THE SERVICE TO THE PUBLIC AND AT WHAT PRICE?
WE GREATLY APPRECIATE THE EXCHANGE OF VIEWS THAT THIS FORUM MAKES
POSSIBLE. WE ALL HAVE MUCH TO LEARN IN THIS AREA, AND I BELIEVE
WE SHOULD WELCOME THE FACT THAT WE LIVE IN SUCH INTERESTING
TIMES.
[end]
--
<A HREF="http://www.eff.org/~mech/mech.html"> Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org"> mech@eff.org
</A><P><A HREF="http://www.eff.org/"> Electronic Frontier Fndtn.
</A><P> Online Activist