vices bill (IuKDG), a debate about the best implementation of digital-signature schemes is heating up.
The key to the debate is whether governments will be the sole providers and keepers of Internet encryption schemes. And if they do get that power,
what safeguards will be installed to ensure the privacy of that country's citizens who use the Internet to send sensitive documents?
IuKDG includes, among other regulations, an act on digital signatures. It requires public-key cryptography for the generation and verification of signed documents but does not accept the Internet-standard PGP as the public-key scheme. It also mandates trust centers, which maintain the public directory of valid certificates, and requires that encryption products be certified (according to ITSEC E2/E4 criteria) by BSI, the country's information security agency.
With the digital-signature act, Germany is now assuming a leading role in establishing a legally binding electronic-communications infrastructure. "The digital-signature act is a first step in the right direction," says Helmut Reimer of TeleTrust, a nonprofit organization for the promotion of information security.
Others are more critical. "The trust-center concept of the digital-signature law includes key generation, certification, and directory services. But how do you guarantee that certification authorities delete keys after generation?" asks a spokesperson of the Individual Network Society, which is setting up a trust center for individuals based on PGP. Further counterarguments raised are the exclusion of PGP and the impossibility of retrospective invalidation of certificates.
However, the digital-signature act may finally become law sometime this summer. In the meantime, vendors such as Utimaco (Oberursel) are working on signature schemes that comply with the requirements of the digital-signature act. German information technology (IT) service organizations such as Debis Systemhaus (Leinfelden-Echterdingen) and Deutsche Telekom's product center Telesec (Netphen) are preparing the way for official trust centers.
Telesec's trust-center services, for example, are identification, registration, certification, time-stamping, and the provision of certificates in public directories. They use smartcard technology to store private and public keys and other user information. This has the advantage that the private key never leaves the smartcard and thus cannot be compromised. Participants in the security infrastructure can log in from any computer that is equipped with a smartcard reader.