
RE: Comments on XML-Signature Core Syntax

From: <tgindin@us.ibm.com>
Date: Fri, 29 Oct 1999 17:18:45 -0400
To: XML-DSIG <w3c-ietf-xmldsig@w3.org>
Message-ID: <85256819.0075141B.00@D51MTA05.pok.ibm.com>

     Is there agreement that the equivalent of PKCS-7 or CMS authenticated
attributes go into SignatureProperties?  I do think that the equivalents of
CMS authenticated attributes are very valuable in signing applications.  In
particular, in something like a notary service, the most natural form for
an "attestation" by a witness is a CMS authenticated attribute.  An example
of what I mean would be something like the following:
A)   An American notary (no extra legal powers) checks the photographic ID
of the customer who wants a signature notarized.
B)   Today, the notary adds the details of the ID to a large bound book
which is kept under lock and key.
C)   In CMS or PKCS-7, the natural thing to do would be to add an
authenticated attribute for "checked driver's license" or "checked
passport" to the base of the notary's signature, with a value containing,
among other things, "common name", "issuing jurisdiction", "serial number",
and "validity period".  Losing this capability in XML signing would not,
IMHO, be a good thing.

     The notary's signature would be applied to the base document, to the
customer's signature, to the signing time, and to the attestations
together.

          Tom Gindin
Received on Friday, 29 October 1999 17:20:21 GMT
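
An added illustration, not part of Tom Gindin's message or of the XML-DSIG drafts: the notary signature described above, with the attestation carried as a `SignatureProperty` and covered by the same signature as the document, the customer's signature and the signing time. Assumptions: the child element names (`CheckedDriversLicense`, `SigningTime` and their fields), the `Id`/`URI` values and all sample data are hypothetical, placing the signing time in `SignatureProperties` is a choice made here, and HMAC-SHA256 stands in for the notary's public-key signature.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
# Constructed sample inputs (not from the original message).
KEY, DOC, CUSTOMER_SIG = b"demo-notary-key", b"<deed>sample</deed>", b"sample-customer-sig"
ID_CHECK = {"CommonName": "Jane Q. Public", "IssuingJurisdiction": "NY",
            "SerialNumber": "000-000-000", "ValidityPeriod": "1997-01-01/2001-01-01"}

def c14n(elem):
    """Canonical bytes of an element, so equal XML always digests the same."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_properties(signing_time, id_check):
    """ds:SignatureProperties with signing time and ID attestation (hypothetical child names)."""
    props = ET.Element(f"{{{DS}}}SignatureProperties", Id="notary-props")
    for name, fields in (("SigningTime", {"Value": signing_time}),
                         ("CheckedDriversLicense", id_check)):
        prop = ET.SubElement(props, f"{{{DS}}}SignatureProperty", Target="#notary-sig")
        item = ET.SubElement(prop, name)
        for key, value in fields.items():
            ET.SubElement(item, key).text = value
    return props

def build_signed_info(document, customer_sig, props):
    """One ds:Reference per covered item (algorithm-identifier elements omitted)."""
    signed_info = ET.Element(f"{{{DS}}}SignedInfo")
    for uri, data in (("#doc", document), ("#customer-sig", customer_sig),
                      ("#notary-props", c14n(props))):
        ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI=uri)
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(data)
    return signed_info

def notary_sign(key, document, customer_sig, props):
    """HMAC-SHA256 over canonical SignedInfo, standing in for the notary's key pair."""
    signed_info = build_signed_info(document, customer_sig, props)
    return hmac.new(key, c14n(signed_info), hashlib.sha256).hexdigest()

def notary_verify(key, sig, document, customer_sig, props):
    return hmac.compare_digest(sig, notary_sign(key, document, customer_sig, props))

if __name__ == "__main__":
    props = build_properties("1999-10-29T17:18:45-04:00", ID_CHECK)
    sig = notary_sign(KEY, DOC, CUSTOMER_SIG, props)
    props.find(".//SerialNumber").text = "999-999-999"  # alter the attestation
    print("verifies after edit:", notary_verify(KEY, sig, DOC, CUSTOMER_SIG, props))
```

Because the properties element is digested into a `Reference` like any other covered item, editing the attestation or the signing time after the fact breaks verification just as editing the document does.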
