INTERNATIONAL
TELECOMMUNICATION UNION |
EXPERTS
MEETING ON ELECTRONIC SIGNATURES AND CERTIFICATION AUTHORITIES:
ISSUES FOR TELECOMMUNICATIONS |
Document
No. 4(Final)
10 December 1999
English
only
|
|
|
Geneva,
9-10 December 1999
|
|
SUMMARY OF DISCUSSION
including
RECOMMENDATIONS
CONCERNING
THE ITU’S FUTURE CONSIDERATION OF THE AREA OF AUTHENTICATION
At the invitation of the Secretary-General of the International
Telecommunication Union (ITU), a High-Level Experts Meeting on Electronic
Signatures and Certification Authorities: Issues for Telecommunications
was held in Geneva, December 9-10, 1999. The Secretary-General invited the
experts, who attended in their individual capacities, “to develop
suggestions and provide guidance for the ITU in its consideration of the
appropriate means to address the needs of the telecommunications and
Internet communities concerning electronic signatures, and to consider
international approaches for facilitating cross-border recognition of
signatures and certificates.” At the conclusion of their meeting, the
experts adopted this report summarizing their discussion and providing
recommendations.
Since its founding in 1865, the ITU has developed extensive expertise
establishing global standards, ensuring interoperability, and facilitating
development throughout the world. Its accomplishments reflect not only its
long history, but also its experience working closely with industry,
including nearly 600 Sector Members, as well as national governments and
regional and international organizations, and its large and diverse
membership, which today, with 189 Member States, outnumbers the membership
of the United Nations. During its 134-year history, the ITU has
demonstrated particular expertise in assisting and training national
telecommunication authorities, including its recent experience helping to
prepare 80 new national telecommunications regulators, in distance
education, and in facilitating continued development of the
telecommunication infrastructure—an essential conduit for access to the
Internet and the World Wide Web—within developing countries. Long a
central part of the ITU’s mission, the development of telecommunication
infrastructure takes on new importance in the face of the Internet, the
World Wide Web, electronic commerce, and other electronic and digital
services.
The Experts gathered believe that the ITU—with its unique expertise,
experience working closely with industry, and inclusive membership—has a
role in providing guidance concerning electronic authentication and
fostering an inclusive global dialogue about authentication measures and
issues. (We use the term “authentication” to refer to the broad range
of authentication measures¾whether currently in existence or yet to be
developed¾of which electronic signatures and certification authorities
are examples.) In addition, we note that the telecommunication industry
was among the first to develop and implement authentication measures, and
that the telecommunication industry today provides the primary conduit and
access to the Internet and electronic information services. The
telecommunication industry is the special responsibility of the ITU and
has long built relationships of trust with both individuals and
institutions that have evolved in part under a global structure and treaty
framework administered by the ITU and that are important to the
development and availability of authentication methods.
The Experts see this meeting as an important step in the process of
utilizing the ITU’s expertise in regard to authentication. We note that
it is not the only step: ITU-T Recommendation X.509 and recent initiatives
amending that Recommendation to address trusted third parties are examples
of other on-going ITU activities in this area. In our capacity as
individual experts, we outline below three recommendations concerning the
ITU’s future consideration of this area.
Recommendations
1.
Prior to undertaking further consideration of activities related to
authentication, the ITU should identify, inventory, and take into account
the principles and activities concerning authentication that have been
agreed upon or are currently under consideration by other international
and regional, intergovernmental and industry organizations and
initiatives.
2.
The ITU’s further consideration of any authentication issues, having
taken into account the principles and activities identified through
Recommendation 1 above, should:
a.
Enable and facilitate reasonable and appropriate authentication measures.
b.
Encourage voluntary, rather than mandatory approaches, and promote
effective competition.
c.
Where international dialogue is needed and where appropriate, it should be
closely coordinated and conducted in coordination with, the activities of
other institutions, including international and regional organizations,
industry, national governments, and the private sector.
d.
Avoid duplicating the efforts of other organizations.
e.
Not engage in activities that constrain the development and implementation
of market-based initiatives and standards or of private arrangements for
authentication.
f.
Be technology-neutral, so as not to constrain the development of new
technologies, applications, services, and products for authentication.
g.
Be sensitive to the unique features and technologies of the Internet, the
World Wide Web, and related systems, including their rapid pace of
evolution, inherently global character, and lack of centralized authority.
h.
Be particularly attentive to the needs of developing countries and
cultural differences among individuals and groups.
i.
Facilitate authentication across borders.
3.
The ITU should include the following as part of its consideration of
possible future steps concerning authentication:
a.
Provide education about authentication to, and opportunities for
information-sharing about authentication among, the public, national
regulators, business leaders, and others, including, in conjunction with
other relevant organizations, facilitating an online discussion forum for
experts to exchange information about this rapidly developing topic.
b.
Facilitate the development and implementation of authentication in, and in
connection with, developing countries through training, the participation
of government officials and telecommunication industry leaders from
developing countries in ITU activities concerning authentication, and
other appropriate activities.
c.
In close cooperation and consultation with other organizations that have
embarked on initiatives in this area, continue and expedite its
standard-setting activities relevant to authentication, recognizing in its
standard-setting activities in other areas the potential impact of those
standards on authentication, and opportunities, where appropriate, for
further facilitating authentication through those standards.
d.
Consistent with the principles identified in Recommendations 1 and 2 and
in close cooperation and consultation with other organizations that have
embarked on initiatives in this area, investigate and evaluate models for
facilitating authentication across borders.
e.
Focus its attention on the needs and responsibilities of the
telecommunication industry and the Member States and Sector Members of the
ITU. The ITU’s activities in this regard could include facilitating the
exchange of information within the telecommunication industry and between
this sector and other industries about their experience with
authentication; special attention to electronic authentication issues in
the development of telecommunication recommendations; and initiatives
relating to the telecommunication industry’s use of authentication
measures.
f.
Expand and enhance its cooperative and coordinating activities relating to
authentication measures. These activities could take many different
forms—virtually all of them in cooperation with other international and
regional governmental, industry, and consumer organizations (Examples
might include maintaining a glossary of key terms and their accepted
meanings or of common provisions and formats for evaluating the fitness of
authentication measures for their intended purpose).
This list is not exhaustive; rather it reflects
some of the key activities identified by the Experts Meeting concerning
authentication measures that we believe the ITU should include in its
future consideration of authentication issues.
We have instructed the Chairman to forward this report, together with a
list of participants and copies of the presentations made at the meeting,
to the ITU Secretary-General, and to convey to the Secretary-General our
appreciation for having convened this High-Level Experts Meeting and for
his participation in and hospitality during the meeting.
Done at Geneva, on 10 December 1999 |