W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: Semantics in signatures

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 12 Apr 2000 16:06:26 -0400
Message-Id: <200004122006.QAA11249@torque.pothole.com>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

From:  "Winchel 'Todd' Vincent, III" <winchel@mindspring.com>
References:  <OF6D713979.4CD7972A-ON802568BF.0043572F@com>
Date:  Wed, 12 Apr 2000 13:03:55 -0400

>I suspect you mean things like dates and times.  Dates and times are
>captured on documents/records.  Documents with dates and times are signed to
>give them additional credibility.  It is not only inappropriate to put a
>date and time in a signature, it is also dangerous.  Not only is it contrary
>to common understanding, there is the potential for conflict if the
>date/time in the document/record is different than the date/time in the
>signature.  If I sign a document that, on its face, says 1/23/2001 on it and
>a signature application embeds 12/30/2001 in it, and the two are associated,
>then what is the correct date/time?

Normally the date embedded in a signature is labeled as being the date
of the mechanical signature operation.  I don't see what's confusing
about this.  I suppose you could have a signature property that said
"ignore any date in the document, here is the true document date" but
I think it would rarely be useful and in any sufficiently powerful
expressive system, you can't stop people from making confusing or self
contradictory statements.  I believe our current syntax document only
mentions date of the signature (or digest) and hardware identifier for
crypto hardware used in calculating the signature (or digest) as
examples of appropriate properties of the signature itself to be put
into SignatureProperties.

>The primary use of SignatureProperty, IMHO, is in the case where
>multiple signatures are affixed to the same document and one of the signers
>wishes to add qualifications to his or her signature without affecting the
>document signed by the others.
>If this is the use of <SignatureProperty> then it is an improper use.  If
>Person A evidences his/her agreement on a document with a signature and then
>Person B wants to amend or qualify the agreement (by means of alterning the
>document or the signature), then you don't have an agreement, so you would
>*never* want to allow this.  There is no "meeting of the minds."

Note, Tom said "add qualifications to his or her signature".  I don't
see that as amending the fundamental agreement.  Assume some sort of
bond with multiple sureties where each indicates the monetary amount
which they are willing to be bound and when their surety expires.  It
would be much better to format the document so these things were
outside the Signatures, in little surety elements or something, but
putting that info inside SignatureProperties isn't ridiculous and I
don't see it as in really amending the agreement, which presumably is
something like "The below signatories give surerty for the faithful
performance ... by A B of their duties as ...".


Received on Wednesday, 12 April 2000 16:05:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC