Child Online Protection Act
TO:
Commission on Online Child Protection
FROM:
Michael S. Baum
Vice President, VeriSign, Inc.
michael@verisign.com
RE:
Comments on Verification Systems
DATE:
June 5, 2000
I. Introduction
This paper1 responds to the Commission on Online Child Protection’s (Commission)
request for comments regarding “one-click away” resources, age verification systems, and
an adult top-level domain in support of the Child Online Protection Act (COPA).2
Specifically, it describes how digital signature technology might be used to support age
verification systems under COPA.
This memo’s main proposition is that only digital signatures3 and supporting public key
infrastructures (PKIs)4 can provide adequate and scalable security for information
1 This paper is available at < http://www.repository/pubs/copa >.
2 47 USC § 231.
3 Digital signatures utilize a key pair consisting of a key that is kept secret by its holder (the private key)
and a corresponding key that is (or can be) made public (the public key) without compromising the private
key. To digitally sign a message, the signer applies his or her private key to it. The digital signature is
not the private key itself; rather, it is a number, unique to that particular signed message, that is generated
when the private key is applied to the message. Therefore, every digitally signed message contains a
unique digital signature. It is computationally infeasible to ascertain a user’s private key by evaluating a
digital signature from one of his or her messages. See INFORMATION SECURITY COMMITTEE , SECTION OF
SCIENCE AND TECHNOLOGY, AMERICAN BAR ASSOCIATION, DIGITAL SIGNATURE GUIDELINES: LEGAL
INFRASTRUCTURE FOR CERTIFICATION AUTHORITIES AND SECURE ELECTRONIC COMMERCE § 1.11 (1996),
< http://www.abanet.org/scitech/ec/isc/digital_signature.html >.
4 The term public key infrastructure refers “both to a certification infrastructure based on public and private
cryptographic keys and to the discrete comp