Here is a letter received from Safe Scrypt clarifying some points raised in
our article of December 16, 2002. (Rs 15000/- per year for Digital Contract Empowerment?)
I
thank Mr Urmez Daver for the clarifications and look forward to the
introduction of the new classes of digital certificates.
Naavi
December 27, 2002
Dear Naavi
Here and some comments and clarifications I'd like
to put forth on your article :
1. SafeScrypt will be offering about 6 types of
personal certificates - once the CPS pending approval from The CCA office
comes through. This will allow consumers greater flexibility in choosing a
product which meets their requirements - also straddling a wider range of
prices.
2. SafeScrypt does not have any commercial
arrangement with any bank for attestation of documents required for
validation. Banker attestation is essentially a service that a bank can
provide its customer for which there is no fee.
The moment SafeScrypt comes
into the picture it becomes a commercial arrangement between the bank and us,
which would then further add on to the cost of the certificate.
Hence its best a consumer gets the attestation
done by his/her banker which would be at no cost.
3. With regard to the legal validity of a Class 1
certificate - we stand by the fact that it cannot be construed to have any
legal validity.
The requirement of address verification may be a
self imposed condition of a Certifiying Authority as you have put in your
article and not as per the IT ACT - but what is the spirit of the IT Act ? It
puts the onus of validation of the subscriber on the CA - who is supposed to
issue a Digital Identity on proof of the physical identity.
So on what grounds can we even consider granting
legal validity to a Class 1 cert - where the only piece of evidence to prove
identity from the subscriber is an email id ?
This certainly has no great
bearing on proving the physical identity of the subscriber, and if it does not
meet this criterion of verifying the identity of a subscriber a certificate
which has legal validity cannot be issued to the individual
For a moment even if we do consider that a Class 1
certificate has legal validity - which application could trust a certificate
of this low level of trust ?
In many ways its still not of much use to anyone.
Your point that 15000 is an expensive proposition
may be correct - but this would get rectified once our CPS is approved.
Then
we would be able to offer certificates in the range of Rs 500 to Rs 5000 -
depending on the consumer/subscribers requirements.
This would make legally
valid certificates more affordable and can put to rest the argument that 15000
is an expensive proposition for Digital Signature Empowerment.
And before I end wish you a Happy and Prosperous
New Year 2003 !
Best Regards,
Urmez
Related Article:
Rs 15000/- per year for Digital Contract Empowerment?
