- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 22 Apr 2013 10:06:01 -0400
- To: public-webpayments@w3.org
- Message-ID: <517543C9.9000707@openlinksw.com>
On 4/22/13 4:04 AM, Henry Story wrote:
>> 3. No REQUIRED URLs for keys, making it non-trivial to figure out which
>> > key signed a message.
> We don't dissallow it either. So it's just a case of the need being felt.
> If someone uses keys to sign then perhaps they should have
>
> <sigDoc> signedWith<http://joe.me/profile#mykey>;
> signedBy<http://joe.me/profile#me> .
> sigOf <doc> .
>
>
>
How about the following, since they private key is never publicly
accessible, plus the fact that the public key is used to verify a
private key based signature:
<sigDoc> <#verifiableBy><http://joe.me/profile#mykey>;
<#signedBy><http://joe.me/profile#me> .
<#sigOf> <doc> .
--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 22 April 2013 14:06:28 UTC