W3C home > Mailing lists > Public > www-forms@w3.org > April 2000

RE: Digital Signatures?

From: Rob McDougall <RMcDouga@JetForm.com>
Date: Tue, 11 Apr 2000 11:58:30 -0400
Message-ID: <311000B0752ED211B61700805F0D6B09C4B292@OTTMAIL3>
To: "'Kenneth Bandes'" <kbandes@home.com>, XForms <www-forms@w3.org>
This was discussed very early on and in the end, it was decided that it was
a "future consideration".  It's an important consideration, but not one that
we wanted to tackle in XForms 1.0.  The idea of separating out the data,
form and style was too compelling to ignore and I think that the group in
general felt that this did not preclude using digital signatures for
non-repudiation in the future.

My personal view is that including the presentation in the signature's
"fingerprint" (i.e. the signature value) is sufficient to ensure that the
data will not verify with a different presentation.  Physical transportation
and packaging of the presentation with the data is not actually required.

Rob

-----Original Message-----
From: Kenneth Bandes [mailto:kbandes@home.com]
Sent: April 10, 2000 9:13 PM
To: XForms
Subject: Digital Signatures?


The XForms requirements document pretty much just has a place holder
for a discussion of digital signatures.  I was wondering what the
current thinking of the working group was.

The three level architecture of XForms I think is exactly right and
necessary for the requirements as described.  However, there's a
white paper at the PureEdge site that makes a surprisingly strong
case for combining all these things (data, logic, and presentation)
in one unit (http://www.uwi.com/xfdl/digest/feature.html).

The argument is based on the requirement of non-repudiation,
which seems to dictate that what is being signed includes what
was reliably presented to the user.  Since, for example,
style sheets can significantly add, delete, or rearrange content,
the signature needs to include the precise display instructions
used - otherwise, the signer could claim that he had not actually
seen (or been aware of the existence of) portions of what he 
apparently signed.

I imagine this could be worked around by signing an MHTML
file or some other mime multipart/related type format,
containing the user data, form specification, and style sheet.
Is that where this stuff is headed?

Alternatively, I suppose the signature could cover URIs and
digests of the remote components.  This might mean that the data
representation (the bottom of the three layers) would contain
these URIs and checksums, verifiably indicating what form template 
and style sheet (as well as any other components, such as graphics) 
were actually presented to the user who entered this data.

Anyway, for long-term archiving of the transaction, I guess
you'd still want actual copies of these components.

I'm sure I'm just restating badly what you folks have already
figured out.  I'd be interested to hear something more
authoritative on the subject.

Thanks,
Ken Bandes
Received on Tuesday, 11 April 2000 12:00:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:47 GMT