
Re: Rationale for XML Digital Signature

From: Joseph Reagle <reagle@w3.org>
Date: Tue, 6 May 2003 12:52:03 -0400
To: "Giles Hogben" <giles.hogben@jrc.it>, "Public-P3p-Spec" <public-p3p-spec@w3.org>
Message-Id: <200305061252.03384.reagle@w3.org>

On Tuesday 06 May 2003 12:11, Giles Hogben wrote:
> It offers a "visible" sign of commitment to the privacy policy.

It does, and in as far as that happens that is a good thing. However, I have 
two comments:
1. Would it lead to the presumption that an unsigned P3P policy is somehow 
less committed to or binding?
2. Who exactly is validating the signature? This isn't something users are 
likely to comprehend or be able to easily do. (How is it that they are 
getting the service's public key for the validation? This presumes a level 
of infrastructure and knowledge which is not yet present.)

So I think a signed privacy is a nice exercise, but don't find it that 
compelling in the b2c scenario and might weaken the interpretation of an 
unsigned policy.
Received on Tuesday, 6 May 2003 12:52:08 EDT
