W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

RE: Manually Signed Digest as an XML signature type

From: <tgindin@us.ibm.com>
Date: Mon, 5 Jun 2000 20:32:58 -0400
To: "Barb Fox" <bfox@Exchange.Microsoft.com>
cc: "Joseph M. Reagle Jr." <reagle@w3.org>, w3c-ietf-xmldsig@w3.org
Message-ID: <852568F6.000304E2.00@D51MTA04.pok.ibm.com>
     Does your last statement mean that you believe that a separate
standard should later be produced for non-digital electronic signatures of
XML documents, or that you believe that the existence of such signatures
should not be encouraged?  If a separate standard is produced, it should
borrow a very large fraction of the syntax from this standard.
     I would not object to wording like "no signature object is in
compliance with this version of the standard unless it contains a
SignatureValue which may be verified by purely cryptographic means", as
long as "this version" is present.

          Tom Gindin

"Barb Fox" <bfox@Exchange.Microsoft.com> on 06/05/2000 08:13:29 PM

To:   "Joseph M. Reagle Jr." <reagle@w3.org>
cc:   Tom Gindin/Watson/IBM@IBMUS, <w3c-ietf-xmldsig@w3.org>
Subject:  RE: Manually Signed Digest as an XML signature type


Your definition of KeyInfo is information related to the generation of the
Mine is that KeyInfo is information required by the verifier of a
signature.  There are several forms, like KeyName, that illustrate that
it's not intended to be used in the generation of a signature.

Also, in your choice between:

"A. Non cryptographic electronic signatures should place their "validating"
information in SignatureProperties, or
B. Non cryptographic electronic signatures can not use XML Signature syntax
what-so-ever. (Specifying this would be difficult as we would then have to
enumerate all the algorithms that may be used, or all those that may not,
and it's difficult to enforce.)"

I believe we should clearly state that compliance with this standard
requires that a cryptographic signature MUST be generated (or verified.) If
the producer of a cryptographically signed XML document wishes to add an
electronic signature, it should be included as a SignatureProperty.

Received on Monday, 5 June 2000 20:33:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC