Ray Van Eng (10/03/96) Quick -- what are the most frequent uses online? If you answer e-mail, browsing the web or reading News Group, you are probably right. So if e-mail is so popular among users with many citing that as one major reason to get onto the Internet, shouldn't the government-run postal services be worried? There are signs that they are, and they are doing something about it too. If you can't fight them, join them. That seems to be what the U.S. Postal Service (USPS) is saying, amidst an effort to roll out a new service nation-wide in which they would stamp e-mail messages with a digital postal meter that would authenticate the time, the date, the origin and the destination all at the same time. It is sort of a registration service for cyberspace communicators. The digital postal meter concept is based on the time-honored private/public key pair encryption technologies that was first developed by scientists in research labs in the 1970s. To participate in this program, one would need to have a pair of public and private key (or encryption software program, if you like). The sender would use the receiver's publicly listed public key to code a message, the receiver would then use his/her own private key to decode the message. Both parties would then be sure that the message is not being read or modified by anyone other than the receiver. Thus, integrity and confidentiality are preserved. In order to authenticate the sender's identity, the sender could also use his/her own private key to code part of the message (the name and address, for example) and send that along with the actual message over to the receiver who would then use the sender's public key to decode that part of the message, thus the receiver would know that the sender is the entity that he/she claims to be. With that, authenticity is verified. Useful as these two approaches may be, they provide no proof that the message is being sent on a certain date and time. Also, who is going to assign public and private key pairs to ensure that there are no duplications in the marketplace. To implement both services, we need a publicly trusted authority and the post office may seem like an ideal candidate for such functions. The USPS is certainly seeing the light and recognizing the opportunity. Since August this year, the USPS is starting a limited market test to provide digital time-stamps on e-mails with the Greenwich Mean Time as part of their "Electronic Postmarking Service". Someone interested in getting the service would need to direct his/her e-mail to the post office server for stamping. However, there will be an eight minute delay for the post office to deliver the service. Staring next year, the USPS plans to take up the task of issuing private and public keys to individuals and corporations. The post office may also offer e-mail archival services which can create an audit trail of dated messages for later retrieval by either the sender or recipient. The time-stamping service is priced at 22 cents for a 50 Kbyte message. Volume discounts will be available for large corporations, the target group for the post office's cyber services. Retrieval services could cost about 40 cents for the same amount of data. If the post office is successful in their venture, they could proof to be the one who could lay the groundwork and set some standards for secure and authenticated e-mail communication. And that has some bankers worried that they themselves could be cut off from this potentially lucrative trade by the post office. In a letter addressed to the USPS, a bankers' lobby group, the American Bankers Association, tried to dictate the government agency's role of just delivering mail in the real world. This action from the bankers group left very little doubt that its member banks would like to offer competitive services in cyberspace also. |
© Copyright Ray Van Eng 1996 - 1999. All rights reserved.