- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 18 Jun 1999 11:31:59 -0400
- To: "Bugbee, Larry" <Larry.Bugbee@PSS.Boeing.com>
- Cc: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
At 12:03 PM 6/16/99 -0700, Bugbee, Larry wrote: > 1. If person A signs a portion of a document and it is > altered and signed by B, will you be able to later > know what A signed? If their alteration causes a change in the byte value of the canonical XML, they will invalidate A's signature. There are two options, they retain A's content/signature and modify/sign a variant copy, and pass both on. Or they keep A's copy, and represent the diffs using something like XSL. For instance, if you created a document and signed it, and I wanted to tweak it or annotate it, perhaps I could do this using a chunk of XSL or XML/XPtr annotations which I can then sign. I'm hoping some of the application developers in the group would have more thoughts on this. We specify no requirements on any of this presently, though I'm open to suggestions. > 2. Are there plans to incorporate timestamps stronger > than a simple ASCII date/time? (3rd party notaries) My opinion is that sophisticated time stamps are trust-decision semantics that should be layered atop the signature validity work. I'll try to reflect this in the RD. > 3. Does this activity plan to address the encryption of > selected XML content? Should it? Or should there > be an explicit statement that confidentiality is not > being addressed? Good thing to state regardless, not sure how everyone feels. Presently, we are not addressing confidentiality though Brown asserts it is easily achievable with the elements in his proposal. _________________________________________________________ Joseph Reagle Jr. Policy Analyst mailto:reagle@w3.org XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Friday, 18 June 1999 11:32:06 UTC