Re: UK EU presidency aims for Europe-wide biometric ID card

2005-07-14 Thread Stefan Kelm
 when we were called into help word-smith the cal. state and later the
 fed. electronic signature law ... a lot of effort went into making the
 wording technology agnostic as well as trying to avoid confusing
 authentication and identification.

We've been discussing those very same topics within Europe for
many years now. When some EU Member States (Germany, Austria, ...)
already had very stringent signature laws the EU was kind of
forced to act. They tried to enact a signature directive which
they thought would be as technology neutral as possible. And
although that approach seemed to be a good one they failed:
they were overambitious wrt certain issues, what's more the
implementation of the directive into national legislation
lead to 20+ different EU signature laws:

http://www.pki-page.info/eu/

In 2003 we wrote a report for the European Commission,
trying to compare the situation throughout the Member States
as well as focussing on practical applications:

http://www.law.kuleuven.ac.be/icri/itl/elsig.php
http://www.secorvo.de/publikationen/electronic-sig-report.pdf

Cheers,

Stefan.
---
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Straße 12-14, D-76137 Karlsruhe

Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
---
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


UK EU presidency aims for Europe-wide biometric ID card

2005-07-13 Thread Anne Lynn Wheeler
http://www.theregister.com/2005/07/13/uk_eu_id_proposal/

UK EU presidency aims for Europe-wide biometric ID card

The UK is using its Presidency of the Council of the European Union to
push for the adoption of biometric ID cards and associated standards
across the whole of the EU. In a proposal issued on Monday (11th July),
the UK calls for the drafting of common standards for national identity
cards taking into account the achievements in relation to the EU
passport and in the ICAO framework.

,,, snip ...

note that some EU govs. are trying to have legislation that has an x.509
identity certificate appended to every digital signature. this
effectively turns even the most lightweight digital signature
authentication even into a heavyweight identification event.

when we were called into help word-smith the cal. state and later the
fed. electronic signature law ... a lot of effort went into making the
wording technology agnostic as well as trying to avoid confusing
authentication and identification. the other force that was somewhat at
work was moving things in the direction that a digital signature could
take on the attributes of a human signature (possibly because of
semantic confusion over both terms; *digital signature* and *human
signature* containing the word *signature*) ... including that if a
digital signature was discovered ... that human intent, read,
understanding, agrees, approves, and/or authorizes was somehow implicit
in the existance of a digital signature.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]