- From: Daniel LaLiberte <liberte@w3.org>
- Date: Mon, 6 Dec 1999 14:47:32 -0500 (EST)
- To: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
- Cc: XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
> Daniel LaLiberte writes: > >To reiterate, it seems that it is ONLY the verifier that cares what is > >signed. When does the signer really WANT to sign something except to > >satisfy the needs of verifiers. What advanatage does the signer have? > >A signature seems to only obligate the signer. Four people (so far) have given good reasons for why the signer may WANT to sign something for its own benefit, so I am reconsidering. No one else has disagreed with these reasons, so perhaps others also agree. I think one result of this discussion, if we get there, is to add to the XML-Signature Requirements document (http://www.w3.org/TR/xmldsig-requirements) somewhere in the Design Principles and Scope. I don't have a proposal for what might be said, but perhaps someone else on this list could make one. There seems to be a lack of any language about this issue, though I think it should be addressed. The closest thing is the section on "The meaning of a signature". Andreas Schmidt writes: > Regarding this general point, I have have a quite different view. I see > signatures as part of messages addressed to a certain recipient. Thus > they are special assertions that the signer wants to transmit (that is, > I think of signed documents as speech acts). I think the view that > signatures meaning and content are determined by the verifier stems from > the fact that, in most cases, there is a _final_ recipient (a court) who > takes the special role to prove or disprove the assertions made by the > signer - and often the signature will be practically designed after the > requirements of that verifier. The requirements of the verifier (of which there may be many, with different requirements) are what I had in mind in motivating the signer to sign something. But although I can see now that the signer might also have some requirements, I'm not sure that the best way to support this is by imposing requirements on the verifier by way of the signature. But these requirements are slightly different, I think, from saying that the meaning of the signature and content are (or might be) determined by the verifier. In other words, the verifier might require that the signer sign something with the semantics *as declared by the signer* which are in agreement with what the verifier requires. I think the general rule here is that the signer should be able to declare any semantics it wants to, while the verifier can try to use any semantics it can get away with, and may require certain things in order to proceed. If the signer wants to require something of the verifier, perhaps it should get the verifier to sign something as well. Just so it is clear, I am not suggesting that the XMLdsig group should formalize specific semantics beyond the core semantics of verification. But it does appear to be necessary to specify a standard way in which those higher-level semantics MAY be declared, if required by an application. > Nevertheless, I do not see which restrictions the verifyer-oriented > view would pose on any syntax with which one wants to express > general-purpose digital signatures. Could You state for example, what > kind of assertions and syntax would be ruled out by Your view (e.g. > unsigned locations) and why? In fact, I would oppose any requirement You > would draw from Your viewpoint, that restricts the signers expressivity > beyond the syntactic restrictions posed by the current draft. I wouldn't want to restrict the signers expressivity. So I think I am agreeing with you on this. -- Daniel LaLiberte liberte@w3.org
Received on Monday, 6 December 1999 14:47:39 UTC