
Legal aspects of PKI
Fact Sheet

Copyright 2001-2004 TrustWeaver AB. All rights reserved.

IMPORTANT LEGAL NOTICE


Copyright 2001-2004, TrustWeaver AB. All rights reserved.
This document contains TrustWeaver AB proprietary information, which is
protected by copyright. No part of this document may be reproduced or
transmitted in any form or by any means, or translated into another language,
without TrustWeaver's prior written consent.
This paper is provided for informational purposes only. It is not professional
counsel and should not be used as such.
The information in this document is subject to change without notice.
TrustWeaver AB makes no warranty of any kind with regard to this material,
including any implied warranties of merchantability and fitness for a particular
purpose. TrustWeaver AB shall not be liable for errors contained herein nor for
incidental or consequential damages in connection with the furnishing,
performance or use of this material.
TrustWeaver is a trademark of TrustWeaver AB.


Content

1 INTRODUCTION
2 WHAT IS TRUST, ANYWAY?
3 TRUST IN THE EMERGING INTERNET ENVIRONMENT
4 TRUST REQUIREMENTS
5 POLICY-BASED PKI
  5.1 Frameworks and standards
  5.2 The WHAT in policy-based PKI: the Certificate Policy (CP)
  5.3 The HOW in policy-based PKI: the Certification Practice Statement (CPS)
  5.4 Relying party notices and agreements
6 LEGAL ASPECTS OF POLICY-BASED PKI
  6.1 Legal certainty
  6.2 Reasonable reliance
  6.3 Enforceability
  6.4 Liability
7 CONCLUSION

BEFORE READING THIS DOCUMENT


The information in this document requires a basic understanding of the Internet
and Public Key Infrastructure (PKI). A high-level introduction to the technical
aspects of PKI can be found in the download section of Tekki's website
www.tekki.se. Last update of this Fact Sheet: 31 August 2004.

Introduction

Nine out of ten PKI implementations are primarily technology projects. This often
leads to legal aspects being ignored or at best based on superficial assumptions.
However, the full trust-enhancing potential of PKI can only be realized through a
proper interplay between technological and legal components.
This white paper aims to explain the benefits to your e-business strategy of
integrating legal components through policy-based PKI.

What is trust, anyway?

Contrary to popular belief, trust and security are not always the same thing.
Security is about controlling resources, which in an e-business context often
means access control, authorization, encryption etc. But security alone is often
not sufficient to obtain the trust that most businesses seek to establish with their
customers and partners.
Trust, at one level, is a highly complex and inherently individual emotion. As
such, it is difficult to define trust in rational terms. Nonetheless, trust can be
significantly enhanced through concrete measures. The objective of business
trust instruments and techniques is to achieve a proper understanding and
equitable allocation of all risk among all actors in a system. One can thus
strengthen an e-business environment by creating a common sentiment among
customers and partners that no one will suffer a disproportionate degree of
damage in the event anything goes wrong. Such a higher level of comfort allows
each participant to manage its risks more easily, thus lowering the participation
threshold. To create this sentiment (and thus enhance trust) in relation to
e-business infrastructure one has to pay attention, in addition to security, to risks
relating to legal redress, individuals' control over their data, transaction evidence
etc. At the core of most trust questions is the issue of identity: who's who. In
addition, trust will often require an assertion of relevant attributes (such as one's
credit history, membership of professional bodies, accreditation and certification,
etc.), ensuring who's what.
While security considerations are confined to the use of computers and networks,
trust measures build a bridge between such technical infrastructure and key
business imperatives.

Trust in the emerging Internet environment

In an electronic environment, the risks are different from those in traditional
paper-based environments: the Internet allows low-cost, instantaneous
communications and even the direct provision of certain types of services. In
addition, geographic location is hardly relevant in the Internet environment. These
factors have opened up many new business opportunities, but they have also
contributed to the average business facing higher risks of fraud and mistakes. In
the emerging web services environment, these risks will further increase due to
the fact that software components interact more frequently as well as on a much
more ad-hoc and autonomous basis.
Many new Internet services are built and rolled out without sufficient attention to
trust issues. With Internet related threats growing continuously, this frequently
contributes to overexposure to risk by all parties involved. This not only strains
relationships between and among users and suppliers of e-business solutions, it
also leads to resource wastage and weakens prospects of return on e-business
infrastructure investments.

Trust requirements

So when does an e-business environment become trustworthy? A common
breakdown of the most fundamental requirements is as follows:

- Identification: ascertaining the identity and/or attributes (such as
  company, position, authority level etc.) of a person or entity; this
  requirement is sometimes also referred to as authentication;
- Integrity: ensuring that data remain unchanged;
- Confidentiality: ensuring that data are not read by unauthorised parties;
- Availability: ensuring that data are accessible when they have to be;
- Non-repudiation: an important result of fulfilling the integrity and
  identification requirements; it means that business partners working in a
  trustworthy electronic environment cannot claim that they did not make
  certain statements or commitments.

Sometimes, e.g. in small-scale or functionally limited e-business communities,
trust requirements are met without any specific technological or legal tools. Most
often, however, some specific trust-enhancing steps are needed. In those cases,
some form of PKI usage usually provides the most cost-effective answer because
it has the unique quality of fulfilling four out of five (all of the above except,
arguably, availability) fundamental trust requirements in one go.
As we will see further in this document, a proportionate incorporation of legal and
business components through a policy-based approach to PKI can help you to
make this transition in a responsible manner.

5 Policy-based PKI

5.1 Frameworks and standards

The goal of a policy-based PKI is to enhance trust by ensuring a transparent
and equitable risk allocation throughout a community. The interaction among
participants in a policy-based PKI is governed by two documents: the Certificate
Policy (CP) and the Certification Practice Statement (CPS).
The CP and CPS jointly provide the information that actors in a PKI may need to
assess the level of confidence they can have in a certificate and private key.
They do so by providing detailed information on the many security and procedural
parameters that can influence the strength of a certificate. For instance:

- the identification process used to bind the public key to the user's identity
  can be based on different levels of proof (e.g. a passport, an email address,
  credit records);
- the private key can be protected only with a password, or alternatively
  stored in secure hardware (e.g. on a smart card or USB token).

Relevant requirements are prescribed in the CP. The CPS describes how a CA
implements these requirements. A big question in PKI is how the key CP and
CPS rules can be enforced against relying parties. A standardized way of
informing relying parties (called the PKI Disclosure Statement) has been
proposed; however, varying approaches to relying party notification and
contracting exist.
The widely adopted document providing guidance on CPs and CPSs is the
Internet Engineering Task Force's (IETF) Internet X.509 Public Key
Infrastructure Certificate Policy and Certification Practices Framework, which can
be consulted on http://www.ietf.org/rfc/rfc2527.txt. This Framework will be
referred to in this document as RFC 2527.
RFC 2527 was obsoleted in November 2003 by RFC 3647, which updates and
restructures the framework rather than changing its approach.
5.2 The WHAT in policy-based PKI: the Certificate Policy (CP)

A CP is the highest-level document in a policy-based PKI. Its purpose is to
determine the level of trust that the CA strives to provide by setting out what the
CA should do. A CP may be issued as a series of trust requirements from an
organizational user, which the CA has to meet. A CP does not necessarily
prescribe in much detail how this level of trust is to be achieved.
5.3 The HOW in policy-based PKI: the Certification Practice Statement (CPS)

The CPS addresses the way in which a CA meets the applicable CP, i.e. how the
CA lives up to the requirements.
Important issues in the CPS include detailed descriptions of:

- operational procedures as well as audits and controls to reach the
  required CA security levels;
- stipulations concerning the CA's liability towards the market;
- the means of private key protection: smart card or other token permitted,
  etc.;
- documentation and other evidence used to meet the CP's certificate holder
  validation (or authentication) requirements.

5.4 Relying party notices and agreements

As we will see further below (6.2.2), the CA needs to take care to notify the
relying party of the conditions for use of a certificate and the limitations of liability.
However, the design of most CPs and CPSs does not take account of the fact
that most legal systems will not grant legal effect to agreements or notices that
are too complex, obscure or voluminous for the circumstances. It is not
reasonable to expect, for instance, an individual to wade through a 200-page legal
document before deciding to rely on a certificate. Realizing this, the Internet
Engineering Task Force (IETF) has worked on a standardized short-form
notification document called the PKI Disclosure Statement (PDS).
It should be noted that the subject of enforcing rules against relying parties
remains an area of divergence; the above-mentioned IETF work has contributed
to greater harmony but there is no widely adopted standard yet. A complicating
factor is that certain PKI implementations lend themselves to a contractual
approach (i.e. binding relying parties by contract rather than by mere notice).
Contractual approaches work well in closed environments, but their value is very
limited when parties are not part of a common infrastructure.

6 Legal aspects of policy-based PKI

Much of the trustworthiness of a policy-based PKI depends on the degree to
which participants can rely on a certificate to enforce their legitimate rights
flowing from the CP, CPS and PDS in a court of law. In other words, the level of
risk management that can be achieved with PKI is determined by the degree to
which PKI can be backed up with legal certainty.
6.1 Legal certainty

Legal certainty in PKI has two important aspects: enforceability and liability. The
aim of policy-based PKI is to maximize the chances that any reasonably acting party
who relies on a digital signature can either enforce a certificate against a signer
or, should this not be possible, recover damages from a party in the PKI
(Certification Authority or certificate holder) that does not live up to its contractual
obligations.
1. The first issue, ensuring legal enforceability (see section 6.3 below),
is one of the most critical objectives of policy-based PKI. If you base an
important business decision on a digitally signed document, you want to
be sure that the signer cannot successfully deny his signature [1].
2. The other legal issue is that of liability (see section 6.4 below). Imagine
you want to enforce a digitally signed document and take the party named
in the certificate to court. Suppose a judge admits the digital signature as
such as evidence, but your counter-party successfully proves that he was
not the signer of the document you relied on. As a result you may lose
your case and probably money. Your damage may be due to a mistake
made in the certificate registration process, for instance if the certificate was
issued to a fraudster pretending to be your business partner. It may also be
due to a third party having obtained the signer's private key, perhaps because
the latter was negligent in protecting it. In such cases it is important to know
who bears the risk for loss incurred by the relying party.

[1] It is important to note here that a party encrypting to the end entity named in a certain
certificate also relies on that certificate. Although certificate challenges are less likely to
occur in this scenario, they should not be excluded. The legal issues described in this paper
in principle apply equally to such cases.

Copyright 2001-2004 TrustWeaver AB. All rights reserved.

6.2 Reasonable reliance

It is important to understand at this point that one cannot blindly rely on a digital
certificate. Before having the option to enforce a certificate or invoke a CA's or
signer's liability, a relying party has to take certain steps to assure itself of the
certificate's validity and appropriateness. These measures are often referred to
as relying party obligations, and having taken these steps means that you are
reasonably relying on a certificate (see 6.2.1 below). As we will see in 6.2.2,
though, the relying party will generally not be held to comply with rules it could
not reasonably be aware of because the CA did not inform it correctly.
6.2.1 Obligations of the relying party

Before relying on a certificate, the relying party must take certain steps to verify
its trustworthiness:
1. Check the certificate's validity, which means that the relying party has to
check that the certificate:
a. has been signed by the CA and that the chain of trust to any
higher-level CAs is intact;
b. has not expired;
c. has not been revoked.
The above checks are typically performed automatically by the relying
party's software (for example, most well-known e-mail clients and
browsers will warn a recipient in case a certificate has validity
problems).
2. Respect any usage restrictions and take note of liability limitations that
are adequately notified to the relying party. In some cases, this more
normative reliance decision can be semi-automated: the software is then
programmed to accept only certificates governed by rules previously
judged appropriate by a human being.
If the relying party has not taken these steps, it cannot be said to reasonably
rely and may as a consequence not be able to enforce a certificate or invoke the
CA's or certificate holder's liability. As an example, if the relying party has relied
on a signature based on a revoked certificate without having checked its
revocation status, the relying party cannot assume that the party named in the
certificate was indeed the signer, nor can it successfully claim that the CA and/or
the signer acted negligently in order to recover damages: had the relying party
been reasonable and checked the revocation status, it would never have relied on
the signature in the first place.
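The validity checks of step 1 and the semi-automated policy gate of step 2, as an added example in Go using only the standard library. This is illustration written for this page, not TrustWeaver's or any CA's code, and everything it verifies against is constructed inline: a self-signed root, one end-entity certificate whose certificatePolicies extension carries a made-up CP OID, and a CRL signed by the root. The checks run in the order of 6.2.1 and stop at the first failure. One caveat the text implies but does not spell out is handled explicitly: a CRL that is past its nextUpdate is not evidence of anything, so the relying party refuses rather than assumes the certificate is unrevoked.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	// Hypothetical CP identifiers made up for this example; a real CP OID is published in the CA's CP.
	AcceptedPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}
	OtherPolicy    = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 2}
	// Fixed clock values so every scenario is reproducible.
	BaseTime  = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	SoonAfter = BaseTime.Add(time.Hour)            // leaf valid, CRL fresh
	CRLStale  = BaseTime.Add(48 * time.Hour)       // leaf valid, CRL past its nextUpdate
	LeafGone  = BaseTime.Add(400 * 24 * time.Hour) // leaf expired
)

// One PolicyInformation element of the certificatePolicies extension (id-ce 32), without qualifiers.
type policyInformation struct{ Policy asn1.ObjectIdentifier }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildFixture constructs a toy PKI: a self-signed root (returned with its key so CRLs can be
// signed) and one end-entity certificate whose certificatePolicies extension names the given CP.
func BuildFixture(policy asn1.ObjectIdentifier) (root, leaf *x509.Certificate, rootKey *ecdsa.PrivateKey) {
	rootKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Policy CA"},
		NotBefore: BaseTime, NotAfter: BaseTime.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4711), Subject: pkix.Name{CommonName: "Alice Example"},
		NotBefore: BaseTime, NotAfter: BaseTime.Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, // certificatePolicies
			Value: must(asn1.Marshal([]policyInformation{{Policy: policy}}))}},
	}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey))))
	return root, leaf, rootKey
}

// IssueCRL signs a CRL from the root listing the given serials, valid for 24 hours from BaseTime.
func IssueCRL(root *x509.Certificate, rootKey *ecdsa.PrivateKey, revoked ...*big.Int) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: BaseTime, NextUpdate: BaseTime.Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: BaseTime})
	}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, root, rootKey))
}

// RelyingPartyCheck applies the steps of 6.2.1 in order and returns the first failure: (1a) chain to a
// trusted root, (1b) validity period, (1c) revocation via a fresh CRL, (2) issued under an approved CP.
func RelyingPartyCheck(leaf, root *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	// 1a + 1b: Verify checks every signature in the chain and every validity window against now.
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	// 1c: a CRL is evidence only if the issuer signed it and it is not past its nextUpdate.
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(root)
	}
	if err != nil {
		return err
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale: revocation status cannot be established")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate is revoked")
		}
	}
	// 2: rely only on certificates governed by a CP a human has previously judged appropriate.
	for _, p := range leaf.PolicyIdentifiers {
		if p.Equal(AcceptedPolicy) {
			return nil
		}
	}
	return errors.New("certificate not issued under an accepted certificate policy")
}

func main() {
	root, leaf, key := BuildFixture(AcceptedPolicy)
	fmt.Println("fresh CRL:", RelyingPartyCheck(leaf, root, IssueCRL(root, key), SoonAfter))
	fmt.Println("revoked:", RelyingPartyCheck(leaf, root, IssueCRL(root, key, leaf.SerialNumber), SoonAfter))
}
```

The revocation step keys on the serial number because that is what a CRL lists, and the policy step compares the certificate's policy OID with the one the relying party approved in advance rather than any human-readable name, which is how the "rules previously judged appropriate by a human being" become a machine check. Intermediate CAs, OCSP and a real trust store are left out here.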
6.2.2 Adequate CP/CPS notice to relying parties

The CA needs to take care to notify the relying party of the conditions for use of a
certificate and the limitations of liability. Meaningful notification of terms and
conditions is a key requirement in contract law. It is an even stronger requirement
in non-contractual situations such as those between a CA and a relying party in
complex e-business scenarios. The adequacy of a CA's notice of essential terms
in its CP and CPS to a large extent determines the effectiveness of a policy-based
PKI.
When assessing the appropriateness of a notification, it is not only the
conspicuousness of the reference that is taken into account but also the
accessibility of the document referred to as well as how perspicuous the terms
and conditions are.
CP and CPS standards and frameworks (such as RFC 2527) are of course not
laws, but they serve as an industry reference for adequate notice. Although these
frameworks and standards leave room for much individual creativity by the CA, if
implemented correctly in the context of applicable laws they significantly heighten
the probability that a certificate can be enforced despite the absence of a formal
contract between the CA and a relying party.
In the following sections we assume that the relying party has acted
reasonably when making its choice to rely on the certificate.
6.3 Enforceability

A prerequisite for enforcing an electronic signature in a court of law is that the
judge (1) admits it as evidence and (2) considers the signature to have legal
effect.
6.3.1 Admissibility as evidence

Before reviewing the quality of a certificate, a judge has to decide whether the
certificate is admissible as evidence. This is a matter of procedural law. Suffice it
to say that most laws today accept the admission of electronic data, including
electronic signatures and public key certificates, as evidence in court. Many
countries have also enacted laws that effectively prohibit courts from denying
evidence solely because it is in electronic form.

Sidebar: Governments have long recognized the potential of PKI for enhancing
trust in electronic communications. Digital and electronic signature laws have
existed since the mid 1990s, and slowly international harmonization efforts are
starting to bear fruit. The United Nations Commission on International Trade Law
(UNCITRAL) has adopted a Model Law on Electronic Signatures that ensures (1)
legal (evidentiary) recognition of all electronic signatures and (2) equivalence with
hand-written signatures for certain PKI-based signatures. A similar framework has
been put in place in the European Union. All the world's leading trading nations
have adopted or are in the process of adopting legislation rendering electronic
signatures legally acceptable.
6.3.2 Legal effect

Once a signature has been admitted as evidence, the judge has to decide
whether the signature has legal effect.
Most laws today include a non-discrimination rule, which typically states that an
electronic signature should not be denied legal effect only because it is in
electronic form. However, the non-discrimination principle does not necessarily
mean that the judge will find the signature sufficiently trustworthy to enforce. The
judge further has to assess the probability that the signature was the result of an
error or fraud. If the judge deems it sufficiently probable that the certificate was
indeed validly issued to the named end entity, then the relying party may enforce
the signature.
In some cases the law explicitly requires that something be signed with a
handwritten signature. In such cases an electronic signature may in some
jurisdictions be able to replace a handwritten signature, whereas in others this is
not possible. Certain laws have introduced specific kinds of electronic signatures
for meeting such signature requirements, such as the qualified electronic
signature in the E-Signature Directive. In areas such as real estate law and family
law, however, it is nearly always impossible to substitute an electronic signature
for a handwritten signature.
6.4 Liability

If the certificate is denied enforceability, the relying party may sue the CA for
issuing a fraudulent or flawed certificate. The CA is in principle liable for mistakes
in certificate issuance, although there are ways in which the CA can limit its
liability. There may also be instances where the principal or only reason for a
certificate's untrustworthiness lies with the certificate holder: this may happen,
for example, if the certificate holder has acted negligently in protecting its private
key. In this case the CA may not be the (only) liable party.
6.4.1 CA liability

6.4.1.1 CA liability: due care

CA liability varies depending on jurisdiction, but the CA can generally be said to
be liable if it is negligent (does not take due care) in performing its obligations.
CA liability in a policy-based PKI is typically a function of the CA's own
communicated policies and practices, unless the law includes minimum
requirements and obligations of a CA. The content of notions such as due care
and negligence may vary per jurisdiction.
In this context it is important to understand the difference between contractual
and non-contractual liability.

6.4.1.2 Contractual liability

Contractual liability concerns the liability between parties to an agreement. In
situations involving ordinary business use of PKI, parties are generally free to
regulate liability in their agreement as they see fit. In so-called closed systems,
where the CA has agreements with all the parties in the PKI, the CA will thus
often use contract to limit its liability [2].
6.4.1.3 Non-contractual liability

For certificates used outside well-controlled closed e-business environments, it is
often impracticable or even impossible for the CA to create valid contractual
relationships with all potential relying parties. In the absence of a valid
agreement, the legal relationship and liability between the CA and relying parties
are thus regulated by the law. In such circumstances, the CA's liability is strongly
influenced by the degree to which a CA can effectively inform a relying party of
key legal issues included in its CP and CPS; this problem is usually referred to
as that of adequate notification or notice (see 6.2.2 above).
6.4.1.4 Limiting liability

But even if the CA did not act with due care, many laws allow CAs to limit their
liability in various ways. Such limitations may be set on a per-transaction basis,
as an aggregate liability cap per certificate, or as a limitation of the transaction
value allowed for the certificate. To take advantage of such limitation possibilities,
though, the CA must give adequate notice of such limitations by effectively
communicating them to the relying party.
While liability for negligence (lack of due care) can often be limited this
way, it is in most cases impossible (even with proper notification) to limit liability
for acts or omissions that are due to gross negligence or willful misconduct.
Limitation of liability is further often restricted towards weaker parties, such as
consumers. Finally, some laws explicitly restrict the ways in which a CA can limit
its liability.

[2] In certain jurisdictions there are mandatory laws that restrict the CA's possibilities to limit its
liability, e.g. the EU E-Signature Directive.
6.4.2 Certificate holder liability

The CA and the certificate holder have a contractual relationship where both
parties can be liable for breach of contract if they don't comply with their
respective obligations.
Between the certificate holder and the party relying on a certificate there may or
may not be a contract dealing with rights and obligations around the use of
certificates. However, where there is no such contract there are good
reasons to protect the relying party in case the certificate holder has been
negligent, an approach that certain laws have adopted.

Conclusion

The full trust-enhancing potential of PKI can only be realized through a proper
interplay between technological and legal components. Integrating a
proportionate legal component within your PKI helps you to manage the risks
related to opening up your e-business environment to people and entities that are
not within your direct control. The most effective way to achieve this is by
adopting a policy-based PKI, which introduces a rules infrastructure that gives
communicating parties increased legal certainty.

www.trustweaver.com
Contact us on www.trustweaver.com if you have any questions or wish to
discuss the content of this White Paper.
