Digital Signatures - Not So Fast
Dateline: 06/19/00
After President Clinton signs the Digital Signatures Act, unanimously passed by the Senate last Friday, what will you be able to do that you can't do now? Nothing -- for a while.
The purpose of the Digital Signatures Act, as stated by the Congressional Research Service is, " to require the adoption and utilization of digital signatures by Federal agencies and to encourage the use of digital signatures in private sector electronic transactions."
For the private sector (us), the law will allow consumers and businesses to sign checks, complete loan applications and contract services online.
Sounds convenient, but it will happen -- only after -- the development of, "digital signature infrastructure guidelines and standards for use by Federal agencies." -- Section 3. (a), The Digital Signatures Act.
The law gives the Director of the National Institute of Standards and Technology (NIST) six months to develop guidelines and standards for use by Federal agencies to enable those agencies to effectively utilize digital signatures in a manner that is--
-
(1) sufficiently secure to meet the needs of those agencies and the general
public; and
(2) interoperable, to the maximum extent possible.
By "interoperable," lawmakers basically mean that the same digital signature and security technology that works on your Windows PC should also work on your Macintosh, your mainframe terminal, or any other computer system. That should not take too long.
By "sufficiently secure," lawmakers mean that they are not at all sure how secure, or private, or encrypted your digital signature needs to be, just so it is "sufficiently" secure according to the NIST. Given the speed with which modern hacker's break new security systems, that could take forever.
Fortunately, NIST has been working on digital signatures and their security for some time now. First, NIST defines a "digital signature" as:
"a cryptographic checksum computed as a function of a message and a user's private key. A digital signature is different from a hand-written signature, in that hand-written signatures are constant, regardless of the document being signed. A user's digital signature varies with the data. For example, if a user signs five different messages, five different signatures are generated. Each signature, however, can be authenticated for the signing user." -- From: Digital Signatures - NIST
Pretending to understand that and moving right along, as early as May 1994, NIST announced its first "Digital Signature Standard" for Computer Security.
In July 1997, NIST published these Public Comments received during public hearings on "Certificate Authorities and Digital Signatures" held by the Commerce Department.
Finally, on June 27, 2000, NIST's Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS) will go into effect. This action will enable federal agencies to use the Digital Signature Algorithm (DSA), which was originally the single approved technique for digital signatures, as well as two new ANSI Standards that were developed for the financial community. These new standards are ANSI X9.31, Digital Signature Using Reversible Public Key Cryptography, and ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA). (Download FIPS 186-2 in Adobe .pdf format.)
So, will the above acronyms and stratospheric-tech buzzwords be sufficient in number and strength to prevent hackers from forging your digital signature?
| POLL: Will you use Digital Signatures? -- Online Discussion: Digital Signatures - Safe or Not |
President Clinton, who backed the Digital Signature Act and will certainly sign the bill into law thinks so.
Quoted in Reuters story of June 16, the President states, "By marrying one of our oldest values -- our commitment to consumer protection -- with the newest technologies, we can achieve the full measure of the benefits that e-commerce has to offer."
Digitally signed, Robert Longley.
Reference Links
Advisory Commission on Electronic Commerce
Created by Congress and tasked with producing what is arguably the most important policy initiative of the information age: recommendations on electronic commerce and tax policy, critical issues with global implications.What is a Digital Signature?
A simple, common language explanation of digital signatures and digital certificates from What Is.com.E-signatures bill: Fraud made easy?
"A newly passed digital signature bill may boost business, but it could leave consumers footing the bill in fraudulent transactions." -- SDNet News, June 16, 2000.
Sign Here Please
Can you prove who you are in cyberspace? Net Security Guide Jim Williams takes apart a digital signature.
A Canadian electronic commerce strategy: security, privacy, consumer protection, world-class infrastructure, and clear marketplace rules. Canada Online Guide Susan Munroe reports.
An e-mail interview with the leaders of digital certificate technology conducted by Net Security Guide Jim Williams.
Security and encryption on the Internet. Major algorithms, software, and tools compiled by Internet Guide Jason Zien.
From adopting wild horses to buying T-bills and bonds, the US Government is working to make more an more of its services available to Internet users. Try out E-Government now. From your About Guide.
More
News & Features
Current stories from the headlines and behind the headlines.
In Congress
Today
The daily schedules of House and Senate, major legislation, votes and more.
US Government
Job Openings
Links to vacancy announcements at dozens of agencies and military branches.
Huge Index of
Government Web Sites
One of the largest lists of agencies, bureaus and offices on the Web.
E-Government!
Online Government Services
From adopting wild horses to buying T-bills and bonds, the US Government is
working to make more an more of its services available to Internet users. Try
out E-Government now.
Supreme
Court Report
Find out about recent decisions and major cases now being considered by the
Supreme Court. Includes links to texts of Court decisions and analysis by many
of your About.com Guides and other major media sources.
How to...
...do lots of things involving the U.S. Government.
Latest
News and Features
The latest news and features on US Government Info/Resources.
Politics?
You want Politics?
Guide John Aravosis is and insider who'll deliver all the politics you can
handle.
Military
Questions?
Guide Rod Powers probably has the answers.
Immigration
Headlines
Keep up with the latest news about U.S. immigration laws and events with Guides
Jennifer and Peter Wipf.
Express Your
Opinions
Just click on a topic to read or take part in the discussion.
