New Mexico took a California style approach with a minimum statute, and the Public Records Commission issued standards. The Secretary of State is authorized to establish a registration (not certification) system, and was going to set up a server this fiscal year but the $70,000 appropriation was vetoed, by the same governor who stated that this was one of the important initiatives of his administration. The basic statute in New Mexico is: In the Public Records Commission statutes: Section 14-3-15.2. Electronic authentication; substitution for signature. Whenever there is a requirement for a signature on any document, electronic authentication that meets the standards promulgated by the commission may be substituted. END STATUTE The standards promulgated by the Public Records Commission and issued as regulations effective July 1, 1996 are not yet in the Michie compilation. I need to check and see why. The Secretary of State provisions are: Chapter 14 Article 15 ELECTRONIC AUTHENTICATION OF DOCUMENTS 14-15-1. Short title. This act [14-15-1 to 14-15-6 NMSA 1978] may be cited as the "Electronic Authentication of Documents Act". 14-15-2. Purpose. The purpose of the Electronic Authentication of Documents Act [14-15-1 to 14-15-6 NMSA 1978] is to: A. provide a centralized, public, electronic registry for authenticating electronic documents by means of a public and private key system; B. promote commerce; and C. facilitate electronic information and document transactions. 14-15-3. Definitions. As used in the Electronic Authentication of Documents Act [14-15-1 to 14-15-6 NMSA 1978]: A. "archival listing" means entries in the register that show public keys that are no longer current; B. "authenticate" means to ascertain the identity of the originator, verify the integrity of the electronic data and establish a link between the data and the originator; C. "document" means any identifiable collection of words, letters or graphical knowledge representations, regardless of the mode of representation. "Document" includes correspondence, agreements, invoices, reports, certifications, maps, drawings and images in both electronic and hard copy formats; D. "electronic authentication" means the electronic signing of a document that establishes a verifiable link between the originator of a document and the document by means of a public key and private key system; E. "key pair" means a private key and its corresponding public key that can verify an electronic authentication created by the private key; F. "office" means the office of electronic documentation; G. "originator" means the person who signs a document electronically; H. "person" means any individual or entity, including: (1) an estate, trust, receiver, cooperative association, club, corporation, company, firm, partnership, joint venture or syndicate; and (2) any federal, state or local governmental unit or subdivision or any agency, department or instrumentality thereof; I. "private key" means the code or alphanumeric sequence used to encode an electronic authentication that is known only to its owner and that is the part of a key pair used to create an electronic authentication; J. "public key" means the code or alphanumeric sequence used to decode an electronic authentication that is the part of a key pair used to verify an electronic authentication; K. "public and private key system" means the hardware, software and firmware provided by a vendor for the following purposes: (1) to generate public and private key pairs; (2) to produce a record abstraction by means of a secure hash code; (3) to encode a signature block and a record abstraction or an entire document; (4) to decode a signature block and a record abstraction or an entire document; and (5) to verify the integrity of a document; L. "record abstraction" means a condensed representation of a document that is prepared by using a secure hash code; M. "register" means a database or other electronic structure that binds a person's name or other identity to a public key; N. "revocation" means the act of notifying the secretary that a public key has ceased or will cease to be effective after a specified time and date; O. "secretary" means the secretary of state; P. "secure hash code" means a mathematical algorithm that, when applied to an electronic version of a document, creates a condensed version of the document that makes it computationally impossible to identify or re-create the document without essential knowledge of that document; and Q. "sign" or "signing" means the execution or adoption of any symbol by a person with the intention to establish the authenticity of a document as his own. 14-15-4. Office of electronic documentation; powers and duties. The "office of electronic documentation" is established under the secretary of state. The office shall maintain a register of public keys for electronic authentications made in accordance with standards adopted pursuant to the provisions of Section 14-3-15.2 NMSA 1978. The office shall register public keys for public officials, persons who wish to transact business with the state and any other person when registration will promote the purposes of the Electronic Authentication of Documents Act [14-15-1 to 14-15-6 NMSA 1978]. The register shall include both current listings and archival listings. 14-15-5. Regulations. A. The secretary shall adopt regulations to accomplish the purposes of the Electronic Authentication of Documents Act [14-15-1 to 14-15-6 NMSA 1978]. B. The regulations shall address the following matters: (1) registration of public keys; (2) revocation of public keys; and (3) reasonable public access to the public keys maintained by the office. C. The regulations may address the following matters: (1) circumstances under which the office may reject an application for registration of a public key; (2) circumstances under which the office may cancel the listing of a public key; and (3) circumstances under which the office may reject an attempt to revoke registration of a public key. 14-15-6. Contracting services. The secretary may contract with a private, public or quasi-public organization for the provision of services under the Electronic Authentication of Documents Act [14-15-1 to 14-15-6 NMSA 1978]. A contract for services shall comply with regulations adopted pursuant to the Electronic Authentication of Documents Act and the provisions of the Public Records Act [Chapter 14, Article 3 NMSA 1978] and the Procurement Code. END STATUTE The Secretary of State has not issued regulations, primarily because of the vetoed appropriation. The New Mexico statutes and regs just went up on the net. They are at: http://www.michie.com/Code/NM/NM.html Michie's NM Internet Resources New Mexico Statutes New Mexico Administrative Code There was an ABA discussion group in 1994, but I have no archives nor pointer. My own view and that of the New Mexico Advisory Committee was that the ABA/Utah approach was totally wrongheaded by getting involved with certification and the liability issues that go along with it. We perferred to believe that the commercial community would accept the _procedural_ safeguards build into the Secretary of State's system. Especially since state Government would be accepting those safeguards as adequate. But I guess we won't know until next year. The feds have some interesting technical stuff on the net, NIST is at http://www.nist.gov/welcome.html The FIPS from NIST are available electronically from Computer Security Resource Clearinghouse (CSRC) at: http://csrc.nist.gov A couple titles are: FIPS 186, Digital Signature Standard (DSS), U.S. DOC/NIST, May 19, 1994. FIPS 180-1, Secure Hash Standard (SHS), U.S. DOC/NIST, April 17, 1995. We used them in defining New Mexico's standards, but sparingly. The CSL Bulletrins also make interesting reading: http://cdrom.com/pub/security/coast/mirrors/csrc.ncsl.nist.gov/nistbul/ presumedly also: http://csrc.ncsl.nist.gov/nistbul/ There are often interesting discussions on the USENET groups sci.crypt and comp.security.pgp.tech I hope some of this helps. -- Thaddeus P. Bejnar