W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Source on Signer Authentication

From: John Boyer <jboyer@uwi.com>
Date: Fri, 22 Oct 1999 14:46:33 -0700
To: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOIKEMHCBAA.jboyer@uwi.com>
"Signer authentication: To provide good evidence of who participated in a
transaction, a signature should indicate by whom a document or message is
signed and be difficult for any other person to produce without
authorization" [1, p. 8].

With respect to assymmetric cryptosystems,

"Signer authentication: If a public and private key pair is associated with
an identified signer as described below [document goes on to describe
certificates and CAs], a digital signature by the private key effectively
identifies the signer with the message.  The digital signature cannot be
forged by a person other than the proper signer, unless the proper signer
loses control of the private key..." [1, p.10].

[1] M. Baum & R. Schwartz. (Eds.) Digital Signature Guidelines: Legal
Infrastructure for Certification Authorities and Secure Electronic Commerce.
American Bar Association, Section of Science and Technology, 1996. Available
at: http://www.abanet.org/scitech/ec/isc/dsgfree.html

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
Received on Friday, 22 October 1999 17:46:26 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT