Re: Multiple signatures on multiple files from David Wall on 2002-07-29 (w3c-ietf-xmldsig@w3.org from July to September 2002)

From: David Wall <dwall@Yozons.com>
Date: Mon, 29 Jul 2002 10:36:51 -0700
To: <reagle@w3.org>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <024701c23726$86413320$5a2b7ad8@expertrade.com>

Thanks.  I think I understand how to do this, though it does mean we'll have
to rev our signatures (something we've already accounted for with our
'version' attribute).

> I still can't say I undestand since you still seem to have your own
> signature scheme (and use say the first signature is, " composed of the
> elements: attachment.messageId, attachment.id, fileSize, createdTimestamp,
> signedWithName, realSignedTimestamp, originalName, contentType, rawData,
> preText, and postText and ipAddr." How do you know that?

We "know" that because it's part of our published standard for how the
signature is calculated (and pre-dates XML Signature).  Of course, we'd like
to use XML Signatures since it essentially has the data we have, but also
the processing steps defined within so that an external app can recalculate
on its own without having to know specifically the order in which data
elements were applied to the signature algorithm.  Today, we publish the
info so that it can be verified independently without requiring our
software, though few ever make use of another system.  At least with a
standard format, we'll be compatible going forward.

> If you want to sign the *actual* attachment (instead of the
> attement element iwth id = "a1") you would need a transform that isolates
> the element content (e.g., XPath). You could further decode the base64
data
> in that element content, as decribed in:
>   http://www.w3.org/TR/xmldsig-core/#sec-Object

Has anybody decided whether signing the "real data" versus signing the
"hash" has any legal implications?  My impression from a crypto perspective
is that it should be the same since the guarantees are the same, though it's
interesting because the person is now digitally signing meta data and a hash
of a document, rather than the document itself.  The question now is whether
anybody will care since I think the binding of the party to the document
would be of the same quality (after all, the digital signature on the "real
data" is just a hash anyway).  People probably don't care one way or the
other since it's all pretty much indecipherable to them, but when lawyers
are involved, you just never know!

David

Received on Monday, 29 July 2002 13:36:44 UTC