W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Who cares what MUST be signed?

From: Daniel LaLiberte <liberte@w3.org>
Date: Mon, 6 Dec 1999 14:47:32 -0500 (EST)
Message-ID: <14412.4820.782415.445383@alceste.w3.org>
To: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
Cc: XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
 > Daniel LaLiberte writes:
 > >To reiterate, it seems that it is ONLY the verifier that cares what is
 > >signed.  When does the signer really WANT to sign something except to
 > >satisfy the needs of verifiers.  What advanatage does the signer have?
 > >A signature seems to only obligate the signer.

Four people (so far) have given good reasons for why the signer may WANT
to sign something for its own benefit, so I am reconsidering.  No one
else has disagreed with these reasons, so perhaps others also agree.

I think one result of this discussion, if we get there, is to add to the
XML-Signature Requirements document
(http://www.w3.org/TR/xmldsig-requirements) somewhere in the Design
Principles and Scope.  I don't have a proposal for what might be said,
but perhaps someone else on this list could make one.  There seems to be
a lack of any language about this issue, though I think it should be
addressed.  The closest thing is the section on "The meaning of a

Andreas Schmidt writes:
 > Regarding this general point, I have have a quite different view. I see
 > signatures as part of messages addressed to a certain recipient. Thus
 > they are special assertions that the signer wants to transmit (that is,
 > I think of signed documents as speech acts). I think the view that
 > signatures meaning and content are determined by the verifier stems from
 > the fact that, in most cases, there is a _final_ recipient (a court) who
 > takes the special role to prove or disprove the assertions made by the
 > signer - and often the signature will be practically designed after the
 > requirements of that verifier.

The requirements of the verifier (of which there may be many, with
different requirements) are what I had in mind in motivating the signer
to sign something.  But although I can see now that the signer might
also have some requirements, I'm not sure that the best way to support
this is by imposing requirements on the verifier by way of the

But these requirements are slightly different, I think, from saying that
the meaning of the signature and content are (or might be) determined by
the verifier.  In other words, the verifier might require that the
signer sign something with the semantics *as declared by the signer*
which are in agreement with what the verifier requires.

I think the general rule here is that the signer should be able to
declare any semantics it wants to, while the verifier can try to use any
semantics it can get away with, and may require certain things in order
to proceed.  If the signer wants to require something of the verifier,
perhaps it should get the verifier to sign something as well.

Just so it is clear, I am not suggesting that the XMLdsig group should
formalize specific semantics beyond the core semantics of verification.
But it does appear to be necessary to specify a standard way in which
those higher-level semantics MAY be declared, if required by an

 >   Nevertheless, I do not see which restrictions the verifyer-oriented
 > view would pose on any syntax with which one wants to express
 > general-purpose digital signatures. Could You state for example, what
 > kind of assertions and syntax would be ruled out by Your view (e.g.
 > unsigned locations) and why? In fact, I would oppose any requirement You
 > would draw from Your viewpoint, that restricts the signers expressivity
 > beyond the syntactic restrictions posed by the current draft.

I wouldn't want to restrict the signers expressivity.  So I think I am
agreeing with you on this.

Daniel LaLiberte
Received on Monday, 6 December 1999 14:47:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC