RE: RE: Without breaking (formerly: The real crux... ) from Phillip M Hallam-Baker on 1999-12-08 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Wed, 8 Dec 1999 14:00:49 -0500
To: <rhimes@nmcourt.fed.us>, <Larry.Bugbee@PSS.Boeing.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <002001bf41ae$8a7fa7c0$6e07a8c0@pbaker-pc.verisign.com>

  If we
> need to access or validate a particular PDF, we can use the 
> signature in the XML
> document, otherwise it is just part of the identifying information.

I am still unclear as to the issue here. Either we have a 
manifest that breaks down the huge document into components or
we have one huge blob.

Case A) We have a Manifest.
	We can validate any component in the manifest that is
	available to us. This is already supported.

Case B)We have a huge chunk of data signed as a single unit.
	We might as well store the signature with the BLOB in the
	archive. The signature is of zero utility without the
	accompanying data.


Clearly a document management system should be able to track two
related documents (the BLOB and its signature) in the archive.

I still don't see how that this creates any new requirements.

Document management systems should support meta-data. That is a
document management system requirement, not a dig sig requirement.
signatures are only one of hundreds of types of Meta-data that
the DMS should be able to manage.


> >You have to have the content for the signature to tell you anything. 
> >A digital signature only has meaning if it has been verified.
> 
> Well, sort of.  My take is that checking the signature is 
> optional (see above). 

If you don't check the signature it tells you nothing. 

> It's there when you need it.  A good example of a detached 
> signature is a time
> stamp system.  You send a signature and get it officially time 
> stamped to, for
> example, help prove that you came up with an idea first.  The 
> idea can remain
> undisclosed until the "proof" is needed.

The timestamp is a signature on a document. To give meaning to the 
timestamp you need to read that document. That document also happens
to be a signature on yet a third document. 

You are right in pointing out that to give meaning to a timestamp 
you don't have to derefference the entire chain of authenticated 
data.

All this points to is that signatures have to be first class objects
which is already a requirement.

> Knowing that a signature "once existed" sounds pretty useless to 
> me.  I don't
> buy that this is the best that can be done.

Actually this is what your timestamp is.

		Phill

Received on Wednesday, 8 December 1999 14:00:16 UTC