- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Tue, 7 Dec 1999 18:03:37 -0500
- To: "Bugbee, Larry" <Larry.Bugbee@PSS.Boeing.com>, <w3c-ietf-xmldsig@w3.org>, <rhimes@nmcourt.fed.us>
This is an important requirement for the system, I do not however accept that this automatically leads to this being a DigSig requirement Being able to process a document to detach/re-attach a signature sound to me useful and reasonable. I am not clear as to what the signatures would be doing wrt the records archive system proposed. Unless the signature is prepared in a manner that is archive friendly (signing a manifest of content + abstract) I don't see what can be usefully done with it. You have to have the content for the signature to tell you anything. A digital signature only has meaning if it has been verified. What you could do in an archive situation is to create a signature on an archive manifest covering the original document, an abstract and the original signature. Such a signature would be a second order statement (a signature attesting to the fact a signature once existed). But in the circumstance proposed that is the best that can be done. Phill > -----Original Message----- > From: w3c-ietf-xmldsig-request@w3.org > [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Bugbee, Larry > Sent: Monday, December 06, 1999 8:38 PM > To: w3c-ietf-xmldsig@w3.org; 'rhimes@nmcourt.fed.us' > Subject: Without breaking (formerly: The real crux... ) > > > Please see below... > > > ---------- > > From: rhimes@nmcourt.fed.us[SMTP:rhimes@nmcourt.fed.us] > > Sent: Monday, November 29, 1999 3:27 PM > > To: w3c-ietf-xmldsig@w3.org > > Subject: Re[2]: The real crux... > > > > [ snip ] > > > ...(the ability to > > move a document internal to/from external and external to > external without > > breaking the signature). Actually, this sounds like it should > have been a basic > > requirement, not just for me but for the generic world of applications. > > > I agree. Have we missed something or have I missed something? > ;-) Here's our situation. > > We will likely have signed documents where the content and the > signature reside in the same file, initially. Later, we may want > to store the documents in a bulk archive (some of these files are > HUGE), and keep only a striped down "shell" in a secure > repository for long-term storage (life of the airplane = 40+ > years). This "shell" might contain only a reference to the file > in bulk storage and the original signature. (The need for a > manifest may not be apparent at the time the original document is > signed.) > > How? I'm not sure, but for us it will be a requirement that the > signature not break just because we chose to later separate (or > reassemble) the document content and its signature. > > Thots? > > Larry Bugbee, Digital Signatures, Boeing >
Received on Tuesday, 7 December 1999 18:03:07 UTC