Interesting People mailing list archives
Post Office email system to use good crypto
From: David Farber <farber () central cis upenn edu>
Date: Mon, 10 Apr 1995 06:54:45 -0400
Date: Fri, 7 Apr 1995 11:12:21 -0700 From: jyl () eng sun com (Jacob Levy) Subject: "Trip" report: USPS Advanced Technology presentation Please forward this message as widely as you see fit. INTRO ----- This is a "trip report" of sorts. Thursday (4/6/95) evening I attended a Smart Valley sponsored talk at Rickey's Hyatt by the VP of Advanced Technology at the US Postal Service, Bob Reissler (sp?) and by the technical architect, Richard Rothwell. The purpose of the talk was to give USPS an opportunity to present their plans for "electronic mail and electronic commerce for the general population". I was the only one from Sun there as far as I could tell. There was a big contingent of people from HP, Apple and some IBMers, many one-person companies and startups, some trainers and educators and many unaffiliated individuals - a total of about 150 people attended, standing room only. OVERVIEW -------- Mr Rothwell's talk was the more substantive and interesting among the two. He presented USPS's plans for offering electronic access to their email delivery system to the 80 million US households and businesses that are currently not reached by online service providers or the Internet. After his talk, Mr Rothwell presented a short video on how they intend to educate their customers on the new product, and another USPS employee demoed the client side of their system online. Their client side system works under Windows 3.1 with MS Mail and Lotus Notes. Overall points to note: They are very concerned about privacy. They do not want to be in the business of managing or issuing escrowed key-pairs. They are very concerned about the new possibilities for abuse of privacy that become available when public keys and identity certificates are widely used (I didn't understand this part - what would these oppties be?). They are interested in working with whoever cares to make the US Govt and legislative branch relax the rules about using crypto and the export controls. They are working on a system that works globally, and active collaboration with other postal services is high on their agenda. Canada and European services were mentioned several times. TECHNICAL POINTS ---------------- The system they are building is based on a transliteration of the basic principles that make hardcopy mail work today, into the electronic world: Stamp -> Digital Signature+digital money Privace (envelope) -> Encryption Dating+location -> Per-client digital time stamp (dts) Identity (signature) -> Digital signature (ds) In regular hardcopy mail, the stamp proves that you paid and provides a guarantee that the postal service will deliver your hardcopy. The envelope provides privacy and is protected by privacy laws from tampering. The dating is provided by the cancellation on the stamp. The location is provided by each post office having its own cancellation label with its name and serial number listed. The identity is provided by the signature of the sender on the hardcopy stored within the sealed envelope carrying the cancelled stamp. The postal service will offer: - An electronic mechanism for stamping a message and adding a dts so that it proves payment and dates the message - Registered mail equivalent where the message gets signed by the USPS private key and the signature is returned to sender - Mechanisms for managing public keys (see below - no escrow) - Certificate mechanisms (see below - no escrow) - Archival services for both messages, certificates and message signatures In their new system, the "stamp" will be replaced by a digital signature on a receipt returned to the sender and archived by the service. The receipt will contain "enough bits to track the message through the system" (his words). The service replaces the traditional envelope with encryption: it accepts messages that are already encrypted and it will also offer RSA public key encryption as a service. Dating is achieved by adding a dts plus a digital signature identifying the client from which the message was received (if desire) or a more generic signature. Finally the service offers extensive mechanisms for corporate and individual public key management and certification with various levels of identity checking, all the way from biometrics based to a simple send-in-by-mail "under penalty of perjury I hereby certify that I am Jacob Levy and this key is my public key". The service also offers a certificate and public key lookup service based on an ISO 509 standard (?) without a publishing database, i.e. modelled after the "Moscow city phonebook" (his words). The idea is you can get anyone's public key if you know who they are but you cannot harvest the phone book for, e.g., all postal employees living in San Mateo (apparently they are concerned about e-mail bombs :). Some new services that he talked about: - Receipt notification through the equivalent of "sign here to receive your package" and delivery of the signed receipt back to the sender - "Bonded mail" which as far as I could tell includes archival and delivery upon the occurrence of an event specified by the sender. He called this "Forever mail", i.e. you send something which is potentially never delivered, and he noted that this is already a service offered by the current USPS (many laughs..) and so it should be offered in the new system, in the interest of preserving their current product offerings (more laughs). - Automatic tamper-proofing through the addition of a USPS generated signature that notarizes the text of your message. --JYL
Current thread:
- Post Office email system to use good crypto David Farber (Apr 10)