- From: <tgindin@us.ibm.com>
- Date: Mon, 12 Jun 2000 20:17:22 -0400
- To: "Barb Fox" <bfox@Exchange.Microsoft.com>
- cc: w3c-ietf-xmldsig@w3.org, reagle@w3.org
To avoid foreclosing subsequent versions of the standard from covering
general electronic signatures, I propose that the third sentence of
Barbara's text be changed to the following: "However, the present version
of this specification REQUIRES cryptographic SignatureMethods for
SignatureValue generation and verification, and these methods shall require
at least one cryptographic key for verification." The last clause rules
out pure digest algorithms, without which the requirement has little
effect.
Tom Gindin
"Barb Fox" <bfox@Exchange.Microsoft.com> on 06/12/2000 04:37:36 PM
To: w3c-ietf-xmldsig@w3.org
cc: reagle@w3.org
Subject: Section 6.1
To close on the issue of electronic signatures, I propose that the
following text be included as paragraph two in Section 6.1, Algorithm
Identifiers and Implementation Requirements:
"This specification defines a set of algorithms, their URIs, and
requirements
for implementation. In general, requirements apply to
implementations, not to signature use. However, this specification
REQUIRES cryptographic
SignatureMethods for SignatureValue generation and verification. Other
authenticators (electronic, biometric, etc.) may be included ONLY as a
supplement to the cryptographic signature via the SignatureProperty
element
type."
This should remove any ambiguity.
--Barb
Received on Monday, 12 June 2000 20:18:05 UTC