If I was working for Canada Post five years ago, then I would have started a cryptographic notary division. Kinduv like what Versign and... uh... Versign does today.
Canada Post can still break into this market because the current authority hierarchy is a joke. Versign will sign a certifcate for anybody that can cough up the cash. Microsoft has essentially granted Versign a license to make money.
Canada Post has some things that a private corporation will never have:
- Everybody in meatspace trusts them and believes that they are honest, even organizations outside of Canada. There is a strong analogy for "registered letter" is cyberspace.
- They will not be corrupted by the profit motive. (But they can still make wads of cash, just like Versign.)
- They have locations across the country from which to issue credentials in person. No private company would ever spend the money to do that, whereas Canada Post has a federal mandate to have brick-and-mortar outlets everywhere.
- The federal government could legislate (and ensure) that anything under the Canada Post signing tree is as good as a handwritten signature. Thus, you could do real business with your Canada Post signed keys and certificates.
- Similarly, it could be law that all browsers shipped in Canada come with the Canada Post root keys and certificates. The government is the only entity with enough power to give a public crytosystem teeth.
Imagine what the Internet would be like if you could walk into a Canada Post regional office with your birth certificate, driver's license, etc. and then walk out with a signed PKCS certificate and a signed PGP key in hand.
I guarantee that our yankee buddies in Michigan would make the trip into Windsor to get their Canada Post credentials. :)
The economic eggheads are always asking, "how do we make the average person feel safe doing business on the Internet". I don't know the answer, but you certainly need a public notary that is TRUSTED. Canada Post is in a perfect position to make a public cryptosystem work.
If Canada Post had started working on their infrastructure in 1995, then it is entirely likely that Canada Post would be the de facto global notary, much like Verisign is today.
It would be nifty (and very right!) to see a guy sitting in China getting a PGP package from Zimbabwe, and saying "oooh, Cahna-DA Pawst", and trusting the message. :)