- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 2 Nov 2006 09:27:33 +0100
Digital signatures is as you say just a variation of authentication. The things that the DS people wants to add are: - A "process" that differs from authentication from the user's point of view - A persistent trace of the authenticated operation. This is what the signature adds to the picture. HTTPS with client-side certificates have no connection to content data since it occurs at the transport level. Digital signatures are created at the application-level in the schemes that Channy and I talk about. But it is a fact that strong authentication is an alternative to digital signatures but some of use are trying to change that, not only for legal reasons but for making a difference between "login" and "accept". Anders ----- Original Message ----- From: "Alexey Feldgendler" <alexey@feldgendler.ru> To: <whatwg at lists.whatwg.org> Sent: Wednesday, November 01, 2006 09:29 Subject: Re: [whatwg] Browser Signature Standards Proposal On Wed, 01 Nov 2006 14:22:15 +0600, Channy Yun <channy at gmail.com> wrote: >> What benefit does this provide over simply using HTTPS with a client-side >> certificate? > Using HTTPS with a client-side certificate doesn't support digital > signature.The digital signature is same with the signing or stamp of > contract in real world. Many governments encourage to add digital > signature to transactional data (form data). It legally assures data > and transactions signed(added digital signature) by user's > certificates. The purpose of a digital signature is to certify that the data submitted by the client were not forged by an attacker. HTTPS with a client-side certificate ensures the same. -- Alexey Feldgendler <alexey at feldgendler.ru> [ICQ: 115226275] http://feldgendler.livejournal.com
Received on Thursday, 2 November 2006 00:27:33 UTC