I've been interested in this discussion and have been doing some research into the legal status here in Panama.
In 2001 the assembly voted into effect Law 43 more commonly known as the electronic commerce law. http://neuclear.org/ley43.pdf (in Spanish) It is supposedly based on UNCITRAL of which I admitedly know very little. So I was rereading the law after having read Ben and Nicholas' excellent overview: http://www.apache-ssl.org/tech-legal.pdf In a civil law country like Panama things work a bit differently to the to me preferred Common law way of doing it. IANAL and my Spanish aint perfect either, but here is my analyis of Non Repudiation of Digitally Signed Messages in Panama. The real meat of the matter is handled in Article 31 (Page 10). "Guarantees derived from the acceptance of a Certificate": "The subscriber, at the time of accepting a certificate, guarantees all the people of good faith to be free of fault, and his information contained within is correct, and that: 1. The authenticated electronic company/signature verified by means of this certificate, was created under his exclusive control. 2. No person has had access to the procedure of generation of the electronic signature. 3. The information contained in the certificate is true and corresponds to the provided one by this one to the certification organization." This is backed up by article 33 (Page 11). "Causes for Revocation of Certificates": "The subscriber of a verified digital signature is obliged to seek revokation of the certificate under the following circumstances: 1. Loss of information to validate the Certificate 2. If the privacy of the certificate has been exposed or there is danger of illicit use of the certificate. 3. If the subscriber doesnt solicit revocation in any of the proceeding cases he will be held responsible for any losses or damages incurred by 3rd parties of good faith, who confide in the contents of the certificate.¨ Now bearing in mind the slight misunderstandings of technical terms in the law. I see this as saying that once someone accepts a certificate from a CA, he is legally responsible in Panama for all information signed by his private key. Even under the loss of control of the private key, unless the person specifically revokes his key. I will forward this to a couple of Panamanian lawyers as well to see if they would like to comment as well. Pelle -- http://talk.org + Live and direct from Panama http://neuclear.org + Clear it both ways with NeuClear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]