W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: Without breaking (formerly: The real crux... )

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Tue, 7 Dec 1999 18:03:37 -0500
To: "Bugbee, Larry" <Larry.Bugbee@PSS.Boeing.com>, <w3c-ietf-xmldsig@w3.org>, <rhimes@nmcourt.fed.us>
Message-ID: <003e01bf4107$4b37fc40$6e07a8c0@pbaker-pc.verisign.com>
This is an important requirement for the system, I do not however accept
that this automatically leads to this being a DigSig requirement 

Being able to process a document to detach/re-attach a signature sound
to me useful and reasonable.

I am not clear as to what the signatures would be doing wrt the records
archive system proposed. Unless the signature is prepared in a manner that
is archive friendly (signing a manifest of content + abstract) I don't
see what can be usefully done with it. 

You have to have the content for the signature to tell you anything. 
A digital signature only has meaning if it has been verified.


What you could do in an archive situation is to create a signature on
an archive manifest covering the original document, an abstract and
the original signature.

Such a signature would be a second order statement (a signature attesting
to the fact a signature once existed). But in the circumstance proposed
that is the best that can be done.

		Phill


> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Bugbee, Larry
> Sent: Monday, December 06, 1999 8:38 PM
> To: w3c-ietf-xmldsig@w3.org; 'rhimes@nmcourt.fed.us'
> Subject: Without breaking (formerly: The real crux... )
> 
> 
> Please see below...
> 
> > ----------
> > From: 	rhimes@nmcourt.fed.us[SMTP:rhimes@nmcourt.fed.us]
> > Sent: 	Monday, November 29, 1999 3:27 PM
> > To: 	w3c-ietf-xmldsig@w3.org
> > Subject: 	Re[2]: The real crux... 
> > 
> > [ snip ]
> > 
> 	...(the ability to
> > move a document internal to/from external and external to 
> external without
> > breaking the signature).  Actually, this sounds like it should 
> have been a basic
> > requirement, not just for me but for the generic world of applications.
> > 
> I agree.  Have we missed something or have I missed something?  
> ;-)  Here's our situation.
> 
> We will likely have signed documents where the content and the 
> signature reside in the same file, initially.  Later, we may want 
> to store the documents in a bulk archive (some of these files are 
> HUGE), and keep only a striped down "shell" in a secure 
> repository for long-term storage (life of the airplane = 40+ 
> years).  This "shell" might contain only a reference to the file 
> in bulk storage and the original signature.  (The need for a 
> manifest may not be apparent at the time the original document is 
> signed.)  
> 
> How?  I'm not sure, but for us it will be a requirement that the 
> signature not break just because we chose to later separate (or 
> reassemble) the document content and its signature.
> 
> Thots?
> 
> Larry Bugbee, Digital Signatures, Boeing
> 
Received on Tuesday, 7 December 1999 18:03:07 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT