W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: Manually Signed Digest as an XML signature type

From: EKR <ekr@rtfm.com>
Date: 09 Jun 2000 16:58:10 -0700
To: tgindin@us.ibm.com
Cc: Philip Hallam-Baker <pbaker@verisign.com>, Barb Fox <bfox@Exchange.Microsoft.com>, "Joseph M. Reagle Jr." <reagle@w3.org>, w3c-ietf-xmldsig@w3.org
Message-ID: <kjpupq4dbh.fsf@romeo.rtfm.com>
tgindin@us.ibm.com writes:
>      First, your last statement that if there is no strong binding to the
> document no electronic signature mechanism is useful is valid and, I hope,
> not even controversial.  If great ease of forgery (much easier than that
> for conventional signatures, for example) can be demonstrated for a
> signature technique it is good for nothing at all.
>      I ordinarily understand the term "biometric mechanisms" to refer to
> measurements of non-voluntary characteristics (including voice prints)
> rather than to speech recordings or handwriting, and I think most people do
> as well.
>      The essential question about the mechanisms suggested here is "how
> easy and undetectable is a forgery in this case"?  Your statement that "if
> I have even one sample of handwriting I can produce forgeries" is true to
> some extent, but if taken as an absolute it would render any handwritten
> signature on a document (probably on a handwritten document, but certainly
> on a typed one) completely untrustworthy.  However, such signatures are
> routinely accepted for many purposes.
Such signatures are accepted, but not on the basis of there being
a strong binding. Otherwise, making your mark in the form of
an X wouldn't be allowed.

-Ekr
Received on Friday, 9 June 2000 19:56:52 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT