
Re: Manually Signed Digest as an XML signature type

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 05 Jun 2000 16:55:16 -0400
Message-Id: <3.0.5.32.20000605165516.00aa9d20@localhost>
To: tgindin@us.ibm.com
Cc: w3c-ietf-xmldsig@w3.org

At 07:31 PM 5/31/00 -0400, tgindin@us.ibm.com wrote:
 >     Is there any point in the current draft which would need to be changed
 >to make allowances for someone to define a  "manually verifiable" signature
 >technique in this connection? 

I hope not. The intent of the design is to permit externally defined
signature techniques and not become a repository for all signature profiles. 

 >1    A new value for SignatureMethod "manuallySignedDigest".  This value
 >for SignatureMethod implies that the SignatureValue itself consists of the
 >base 64 encoding of the message digest and is not signed.  This method's
 >main parameter is a reference to a SignatureProperty containing the manual
 >signature.  It might also accept a parameter giving the data type of the
 >manual signature.
 >
 >2    The manual signature itself, in a SignatureProperty.  This manual
 >signature should contain a voice recording, transcribed signature, or the
 >like which is performed by the user (signed with handwriting or spoken) and
 >in which the user him/herself records the message digest.
 
If I was designing this application, my initial thought would've been to
place this data in KeyInfo:

"KeyInfo is an optional element that enables the recipient(s) to obtain the
key(s) needed to validate the signature."

"Additional information items concerning the generation of the signature(s)
can be placed in a SignatureProperty element."

My own distinction between these two things is that KeyInfo is the
information necessary to procedurally generate/confirm the SignatureValue
octets and any of its metadata (like a signed cert); SignatureProperties is
other data relevant to application/trust decisions about the
assuredness/trustworthiness of that SignatureValue. If others agree, we
could try to make this clearer...



_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 5 June 2000 16:55:22 GMT
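
The check a verifier could run for the "manuallySignedDigest" method proposed in the quoted text, as an added example that is not part of the original message or of any XML-Signature draft. It assumes SHA-1 over the serialized SignedInfo; the algorithm identifier `urn:example:manuallySignedDigest`, the `SignatureRef` parameter element and the sample document are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"    # namespace of the final Recommendation
NS = {"ds": DS}
MANUAL = "urn:example:manuallySignedDigest"  # hypothetical algorithm identifier
PARAM = "{urn:example}SignatureRef"          # hypothetical parameter element

def signed_info_digest(sig):
    # Assumption: SHA-1 over SignedInfo; ElementTree C14N stands in for XMLDSIG c14n.
    xml = ET.tostring(sig.find("ds:SignedInfo", NS), encoding="unicode")
    return hashlib.sha1(ET.canonicalize(xml).encode()).digest()

def check(sig):
    """Return (status, property); the best status still requires human review."""
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None or method.get("Algorithm") != MANUAL:
        return "unsupported-method", None
    try:
        claimed = base64.b64decode(sig.find("ds:SignatureValue", NS).text, validate=True)
    except (AttributeError, TypeError, ValueError):
        return "malformed-value", None
    if claimed != signed_info_digest(sig):
        return "digest-mismatch", None
    param = method.find(PARAM)
    ref = param.get("URI", "").lstrip("#") if param is not None else ""
    for prop in sig.iter(f"{{{DS}}}SignatureProperty"):
        if ref and prop.get("Id") == ref:
            # Anyone can recompute an unsigned digest, so this is not "valid":
            # a person must confirm the recording states this same digest.
            return "needs-manual-review", prop
    return "missing-manual-signature", None

def build_sample():
    """Constructed sample Signature using the hypothetical method."""
    sig = ET.Element(f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    method = ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=MANUAL)
    ET.SubElement(method, PARAM, URI="#manual-sig")
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="#order")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = "constructed-digest"
    value = base64.b64encode(signed_info_digest(sig)).decode()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = value
    props = ET.SubElement(ET.SubElement(sig, f"{{{DS}}}Object"), f"{{{DS}}}SignatureProperties")
    ET.SubElement(props, f"{{{DS}}}SignatureProperty", Id="manual-sig").text = "recording-placeholder"
    return sig
```

The digest comparison only detects accidental or unsophisticated modification; any assurance about the signer rests on the manual signature property, which this code locates but cannot evaluate.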
