Australian Computer Society

Encryption & Electronic Commerce in Australia

by Tom Worthington, President of the Australian Computer Society

4pm, Friday 22 November 1996, Room TP4, The Computer Laboratory

University of Cambridge, UK

Announcement & Summary

Tom Worthington will give a short talk to the University of Cambridge Computer Security Group, on encryption and electronic commerce issues in Australia.

About the speaker

Tom Worthington is current National President of the Australian Computer Society. Away from the ACS Tom is Deputy Director, Information management Planning, Australian Department of Defence. Tom is co-author of the ACS InfoBahn Policy, the Defence Representative on the Commonwealth Group, and one of the authors of the new Architecture For Access To Government Information.

For more details (Note it's moved to TP4 from the discussion room) see the Computer Security Group Home Page.

Draft of 22 November 1996: The content of this talk will be developed here. Suggestions and comments welcome: tom.worthington@tomw.net.au

Public Key Authentication Framework (PKAF) in Australia

PKAF is a proposal prepared by a Standards Australia committee for an Australian infrastructure for issuing authentication keys for use by Government, industry and the general public. You can read the PKAF summary provided by permission of Standards Australia yourself. Here is a few things PKAF isn't:

Not for encryption, only authentication,
Not a key escrow facility (the private keys are not held by a central authority),
Not a technical standard, but a proposal for the framework for using standards such as DSS and RSA,
Not a legally binding document, but some changes to laws would be required to implement it.

The PKAF report provides a very good overview of the issues involved in setting up a system for authentication and the infrastructure required. It may be of value to other countries and to organisations considering the issues and as a tutorial for those interested in the issues.

In its simplest form the infrastructure would allow me to go to the local post office, pay some money, prove who I am and be issued with a private key. I can then use that key to do business on-line.

By addressing only authentication, PKAF side-steps the many difficult regulatory issues with use of encryption. However, this really just puts off addressing that issue, rather than solving the problems. Encryption will be required for on-line transactions.