1995-11-28 - Re: Cypherpunk Certification Authority

Header Data

From: torrejr@pcnet.com
To: Robert Hettinga <cypherpunks@toad.com
Message Hash: db3ad8fd597a8b51c71b6c0d00f6d821d295382319aeccacd62a19428733b37e
Message ID: <Chameleon.951128011153.torrejr@>
Reply To: N/A
UTC Datetime: 1995-11-28 05:32:06 UTC
Raw Date: Tue, 28 Nov 1995 13:32:06 +0800

Raw message

From: torrejr@pcnet.com
Date: Tue, 28 Nov 1995 13:32:06 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Cypherpunk Certification Authority
Message-ID: <Chameleon.951128011153.torrejr@>
MIME-Version: 1.0
Content-Type: text/plain



So far, everybody on the net has discussed the fun part(s) of the CA issue. 

The techies talk about protocol, encryption ... in short the real FUN stuff. I have enjoyed diverging 
opinions of some of the participants. Many make excellent points and have taught me more than I
ever dreamed to learn.

Lawyers are already making money and preparing for the future :-) Some lawyers argue about 
liabilities and drool over new laws being proposed all over the country by other lawyers to 
guarantee future lawsuits. Another lawyer does not believe CAs are an option and makes a good
buck selling books to prove it (Electronic Commerce Law-Ben Wright squire); another publishes
the American Bar Association CA liabilities, names it draft of the digital signature
guidelines and goes to work for Verisign (CA?  DS? UH?).

I can keep talking about good stuff that has happened in the last few months for about everyone
interested in the last frontier (the electronic one) and its trading posts (electronic commerce), but 
the fact is that there are no CAs in full production yet. Yeah! Verisign is around .... Santa Clara. Of 
course I have other choices (Did I say great choices?) like Cost in Sweden and at one time
EuroCert in England was advertising on the net. 

I have been asking myself ... WHY? I can't accept the standard response: Fear of liability! Granted
that the liability factor is important but my gut feeling tells me that's not the whole story. The
hardware and the software are out there (I haven't commented on the quality of this stuff!). I thought
that several companies who have indicated interest have all it takes to make a successful CA but
nobody seems to move reasonably fast.

Is it possible that the process of issuing and maintaining a certificate is so complex and expensive? I 
think that MITRE did a study for NIST and they came up with a cost of $800 per year per federal
employee to maintain and administer a Federal CA.

Any suggestion?

PS I want to thank Robert Hettinga for his excellent work promoting the principles of the
Cypherpunks, and for disseminating critical information that helps shape the corporate world for a
better electronic future.
-------------------------------------
Juan Rodriguez i Torrent
torrejr@pcnet.com
11/27/95  23:54:24
-------------------------------------