W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

RE: Signing and Encryption

From: Martin Franklin <MFranklin@STELLCOM.com>
Date: Mon, 29 Jan 2001 13:16:21 -0800
Message-ID: <6BCDCDFAB19FD4119CE300508B9B06EA188593@izar2.stellcom.com>
To: "'Joseph Ashwood'" <jashwood@arcot.com>, meadowsj <meadowsj@nobs.ca.boeing.com>, xml-encryption@w3.org

Here's ome example I found 

Asokan, Shoup, and Waidner: Fair Exchange of Digital Signatures
At EUROCRYPT '98, Asokan, Shoup, and Waidner extended optimistic protocols
to fair exchange [1]. In their protocol, Alice and Bob send encrypted
signatures to each other. Then they prove to each other that the encryptions
really do contain digital signatures, and that these are signatures on the
correct documents. Finally, they send each other decryption keys.

If something goes wrong, a third party can step in and use the "proofs of
correct encryption" to verify that all has gone well up to a point. Then the
third party can take some course of action, such as terminating the protocol
or decrypting the signatures for both parties.

This is from http://www.acm.org/crossroads/xrds7-1/contract.html

> Martin Franklin
> Principal Engineer
> s t e l l c o m
> San Diego, CA
> mfranklin@stellcom.com
> (858) 947-1572
> www.stellcom.com

-----Original Message-----
From: Joseph Ashwood [mailto:jashwood@arcot.com]
Sent: Monday, January 29, 2001 12:55 PM
To: meadowsj; xml-encryption@w3.org
Subject: Re: Signing and Encryption

----- Original Message -----
From: "meadowsj" <meadowsj@nobs.ca.boeing.com>
To: <xml-encryption@w3.org>; <jashwood@arcot.com>
> If signing a document is akin to making an assertion about a document,
> I could perceive some value in keeping certain assertions made about a
> document private from third parties. I'm hard pressed to think of an
> example where storing those assertions with the document would be an
> absolute necessity however, so perhaps it's a non-issue.
> Cheers,
> Joe Meadows

Actually that's a very good point that hadn't occured to me. I'm still at a
loss of any examples where knowledge of the document must be public
knowledge but the signer cannot be, except possibly to give anonymous
testimony to something, where the testimony could be verified later. Maybe
that's enough. I'm not sure it would seem to be a business end of things,
and I'm an engineering end. Does anyone have any examples? Or is this a
non-issue from the business end also. Or would simply forcing detached
signatures with out of band ordering information be enough?

Received on Monday, 29 January 2001 16:19:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC