Roberto and all,

[EMAIL PROTECTED] wrote:

> Roeland,
>
> You wrote:
> >
> > > To repeat what Kent and I have both tried to say....
> > >
> > >     * From both a technological and legal standpoint,
> > >     authentication and encryption are different.
> >
> > Wrong on both counts and Kent knows better. The only
> > difference is what you
> > encrypt.
>
> I do not have the deep knowledge of the issue to discuss it in general terms
> (i.e. neither how this is applied worldwide from the legal POV, nor what are
> the deep technological differences between authentication and encryption),
> but for what regards France I will give my experience below.

  Yes it is quite evident from your comments below that you do not
have much knowledge at all from your missive statements.  More on those
below.

>
>
> >
> > >     * Nothing suggested so far on the DNSO lists requires
> > >     encryption, nor should such suggestions be necessary.
> > >     Encryption is the enemy of "open and transparent"
> >
> > Pray tell, how you would validate an authentication without
> > encryption
> > technology? Your last sentence is only an opinion and is
> > unsupportable.
>
> See below.
>
> >
> > >     * While regulations about encryption vary, and will probably
> > >     continue to evolve, no country bans strong authentication
> > >     techniques.
> >
> > France, China, (soon, the UK?) etc.
>
> What France prohibits (for the sake of completeness, I should say "used to
> prohibit", as I believe that the legislation has changed this year and now
> the restrictions on encryption have been waived) is not the encryption
> itself as technology, but the transmission of encrypted messages, i.e.
> messages for which police, army, whatever, cannot determine the contents.

  This is only "In Part" accurate.  It prohibits the ability for privacy of the
Authentication or Encryption of the message itself.  That is not expectable
for the purposes of the subject of this thread, that being "Proof of
Identification" with adequate Privacy intact.  Hence, the location of the DNSO server
in France is not expectable in order to achieve this goal.

>
>
> Digital keys used for identification only constitute an exception to this
> rule, explicitly mentioned in the legislation.
>
> So, while I agree that in order to have a meaningful electronic signature
> that serves the purpose of validating the contents of a message you have to
> encrypt the message as part of the process to produce the signature, the
> message itself will be then transmitted in clear, i.e. not encrypted, and
> therefore will comply with the French rules (even the former restrictive
> ones).
>
> >
> > > Now, there must be some part of "no restriction on
> > > authentication" that is hard to understand, but, if so, would
> > > someone explain to us what it is.
> >
> > The amount of encryption allowed for authentication makes this a moot
> > difference. The authentication allowed in France is
> > ineffectual. It might as
> > well be plain-text. There are indeed restrictions, on
> > authentication, in
> > France, still.
> >
>
> This was not true, even with the old legislation.
>
> When I was at ETSI, we, as CORE Members, were transmitting to the SRS the
> transactions with an electronic signature, and this was perfectly legal.
> Where we had the problem, and we needed a special authorization (that had
> been granted, BTW) was to perform online payments, because we needed to
> transmit data like the credit card number in encrypted form.
>
> I believe that simple authentication of the messages from an individual via
> a digital signature will never require any "hard encryption" of data except
> the signature itself, and therefore will fall under the former category.
>
> In other words, no need to move the DNSO Server out of France.
>
> (BTW, even if the French legislation was more restrictive than it is, I
> believe that we have far bigger problems than the potential difficulty in
> identifying people via digital signature, even if this topic has been
> accountable for heavy traffic this last couple of days. The problems and
> lack of service associated to a move of the server are far worse and far
> more "real" than this "potential" problem).
>
> > I could hide all sorts of messages in a "public key".
> >
> > > Otherwise, can we return this particular red herring to the pond?
> >
> > Sorry, it's learned how to breathe air.
> >
>
> I hope it did not forget how to live in water ;>)

  They mutated into Lung fish with Red herring genes.  >;)

>
>
> Regards
> Roberto

Regards,

--
Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208

