W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: Section 6.1

From: <tgindin@us.ibm.com>
Date: Mon, 12 Jun 2000 20:17:22 -0400
To: "Barb Fox" <bfox@Exchange.Microsoft.com>
cc: w3c-ietf-xmldsig@w3.org, reagle@w3.org
Message-ID: <852568FD.00019826.00@D51MTA04.pok.ibm.com>
     To avoid foreclosing subsequent versions of the standard from covering
general electronic signatures, I propose that the third sentence of
Barbara's text be changed to the following:  "However, the present version
of this specification REQUIRES cryptographic SignatureMethods for
SignatureValue generation and verification, and these methods shall require
at least one cryptographic key for verification."  The last clause rules
out pure digest algorithms, without which the requirement has little
effect.

          Tom Gindin


"Barb Fox" <bfox@Exchange.Microsoft.com> on 06/12/2000 04:37:36 PM

To:   w3c-ietf-xmldsig@w3.org
cc:   reagle@w3.org
Subject:  Section 6.1




To close on the issue of electronic signatures, I propose that the
following text be included as paragraph two in Section 6.1, Algorithm
Identifiers and Implementation Requirements:

"This specification defines a set of algorithms, their URIs, and
requirements
for implementation. In general, requirements apply to
implementations, not to signature use. However, this specification
REQUIRES cryptographic
SignatureMethods for SignatureValue generation and verification. Other
authenticators (electronic, biometric, etc.) may be included ONLY as a
supplement to the cryptographic signature via the SignatureProperty
element
type."

This should remove any ambiguity.

--Barb
Received on Monday, 12 June 2000 20:18:05 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT