
Re: RE: Without breaking (formerly: The real crux... )

From: <rhimes@nmcourt.fed.us>
Date: Wed, 08 Dec 1999 09:56:33 -0700
Message-Id: <9912089446.AA944672245@nmcourt.fed.us>
To: <pbaker@verisign.com>, <Larry.Bugbee@PSS.Boeing.com>, <w3c-ietf-xmldsig@w3.org>

Phill wrote:
>This is an important requirement for the system; I do not, however, accept
>that this automatically leads to this being a DigSig requirement.

>Being able to process a document to detach/re-attach a signature sounds
>to me useful and reasonable.

>I am not clear as to what the signatures would be doing wrt the records
>archive system proposed. Unless the signature is prepared in a manner that
>is archive friendly (signing a manifest of content + abstract) I don't
>see what can be usefully done with it. 

I'll repeat the court filing example.  An attorney now creates a PDF document, a
pleading to be filed.  These PDF documents can be huge.  The PDF is
base64-encoded and packaged in an XML document.  The XML document has
identifying information needed to index the document (such as case number and
brief description).  In addition, we would like to carry a digital signature in
the XML document computed over the original PDF format.  This XML document with
the enclosed PDF can then be transported from a law firm to the court, court to
court, and so on, and be validated before it is accepted.  At the court, we want
to separate the PDF from the XML document and store the PDF in a file system. 
The XML documents can be stored separately (perhaps in an object database) and
used to reference the PDF document (now through a URI in the XML document).  Note
that the XML document has useful information independent of the PDF.  We might
just want to know what documents are in a case, by short description.  If we
need to access or validate a particular PDF, we can use the signature in the XML
document, otherwise it is just part of the identifying information.

One reason for separating the two is that we have found that giant BLOBS in a
database cause a big penalty in access time.  The other reason is that current
automated indexing systems work on native formats (for example, scan the file
directories for all PDFs that contain the word "abuse" within three words of the
word "child").

Larry seems to have a similar situation at Boeing, and maybe he would like to
elaborate.

>You have to have the content for the signature to tell you anything. 
>A digital signature only has meaning if it has been verified.

Well, sort of.  My take is that checking the signature is optional (see above). 
It's there when you need it.  A good example of a detached signature is a time
stamp system.  You send a signature and get it officially time stamped to, for
example, help prove that you came up with an idea first.  The idea can remain
undisclosed until the "proof" is needed.

>What you could do in an archive situation is to create a signature on
>an archive manifest covering the original document, an abstract and
>the original signature.

>Such a signature would be a second order statement (a signature attesting
>to the fact a signature once existed). But in the circumstance proposed
>that is the best that can be done.

Knowing that a signature "once existed" sounds pretty useless to me.  I don't
buy that this is the best that can be done.

Thanks,
Rich
Received on Wednesday, 8 December 1999 12:00:02 GMT
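The court-filing flow described in the message above (sign the original PDF at the law firm, package it in XML with the index metadata, detach the PDF into the file system at the court and leave a URI behind, verify on demand), as an added example that is not part of the original thread and not code from any XML-DSig implementation. It assumes Ed25519 keys, a minimal made-up envelope schema (Filing/CaseNumber/Description/Document/Signature), a constructed stand-in for the PDF bytes, and a Go map standing in for the court's file system; all of these are illustration choices, not anything the list agreed on.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

// Filing is the XML envelope from the court-filing example: index metadata,
// the pleading (inline as base64 or, after detachment, a URI to the file
// system copy) and a signature computed over the raw PDF bytes.
// The element names are an assumption made for this example.
type Filing struct {
	XMLName     xml.Name `xml:"Filing"`
	CaseNumber  string   `xml:"CaseNumber"`
	Description string   `xml:"Description"`
	Document    Document `xml:"Document"`
	Signature   string   `xml:"Signature"` // base64(Ed25519 signature over PDF bytes)
}

// Document carries the PDF either inline (Content) or by reference (URI).
type Document struct {
	URI     string `xml:"uri,attr,omitempty"`
	Content string `xml:",chardata"` // base64 of the PDF while attached
}

// NewFiling packages a PDF in the envelope and signs the original PDF bytes,
// not the base64 text and not the XML, so the signature survives detachment.
func NewFiling(caseNo, desc string, pdf []byte, priv ed25519.PrivateKey) Filing {
	return Filing{
		CaseNumber:  caseNo,
		Description: desc,
		Document:    Document{Content: base64.StdEncoding.EncodeToString(pdf)},
		Signature:   base64.StdEncoding.EncodeToString(ed25519.Sign(priv, pdf)),
	}
}

// Detach pulls the PDF out of the envelope (for the file system) and leaves a
// URI in its place. The Signature element is left untouched.
func Detach(f *Filing, uri string) ([]byte, error) {
	if f.Document.Content == "" {
		return nil, errors.New("document already detached")
	}
	pdf, err := base64.StdEncoding.DecodeString(f.Document.Content)
	if err != nil {
		return nil, err
	}
	f.Document = Document{URI: uri}
	return pdf, nil
}

// Resolve returns the PDF bytes for a filing, inline or via the URI; store
// stands in for the court's file system.
func Resolve(f Filing, store map[string][]byte) ([]byte, error) {
	if f.Document.Content != "" {
		return base64.StdEncoding.DecodeString(f.Document.Content)
	}
	if pdf, ok := store[f.Document.URI]; ok {
		return pdf, nil
	}
	return nil, fmt.Errorf("no document at %q", f.Document.URI)
}

// Verify checks the envelope's signature against the PDF bytes, whether the
// PDF is still attached or has been moved to the file system.
func Verify(f Filing, store map[string][]byte, pub ed25519.PublicKey) bool {
	pdf, err := Resolve(f, store)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(f.Signature)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, pdf, sig)
}

// Demo runs the lifecycle: sign at the law firm, transport as XML, detach at
// the court, verify the detached copy, then catch a tampered stored file.
func Demo() (attachedOK, detachedOK, tamperedOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// Constructed stand-in for a real pleading; any byte string works.
	pdf := []byte("%PDF-1.4\n% constructed stand-in for a pleading\n%%EOF\n")
	raw, err := xml.Marshal(NewFiling("CIV-99-1234", "Motion to dismiss", pdf, priv))
	if err != nil {
		return
	}
	var received Filing // the court parses what the law firm sent
	if err = xml.Unmarshal(raw, &received); err != nil {
		return
	}
	store := map[string][]byte{}
	attachedOK = Verify(received, store, pub)

	uri := "file:///filings/CIV-99-1234/motion.pdf" // assumed archive path
	pdfOut, err := Detach(&received, uri)
	if err != nil {
		return
	}
	store[uri] = pdfOut
	detachedOK = Verify(received, store, pub)

	tampered := append([]byte(nil), pdfOut...)
	tampered[len(tampered)-2] ^= 0xFF // flip a byte in the stored file
	store[uri] = tampered
	tamperedOK = Verify(received, store, pub)
	return
}
```

The point the message is making falls out of where the signature is computed: because it covers the original PDF bytes rather than the base64 text or the XML envelope, moving the PDF to the file system and replacing it with a URI changes nothing the signature depends on, so the same Signature element verifies before and after detachment and still catches a modified file. A signature taken over the whole XML document would be invalidated by the detachment step itself.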