- From: Richard D. Brown <rdbrown@Globeset.com>
- Date: Wed, 21 Jul 1999 13:41:45 -0500
- To: "'Chris Smithies'" <Chris_Smithies@penop.com>, <w3c-ietf-xmldsig@w3.org>
Chris,

If deemed necessary, grouping of signature elements can still be specified by the application DTD. I would rather keep the XMLDSIG specification (syntax and procedures) and its associated data model as simple as possible as long as it does not preclude any option at the application level.

On the other hand, I do not share your point of view WRT the benefit from an evidentiary standpoint. Quite systematically, attachment of multiple signatures to a document raises the problem of validity if at least one signature is deemed valid while some cannot be verified or are deemed invalid.

I think that there are two scenarios where multiple signatures would be applied by the same person, for the same intent, and the same content:

1- plurality of recipients having different trust or key management requirements: In such circumstances, it is probable that a given recipient will not be able to verify the signatures intended for others. Therefore, there is no evidentiary benefit since the recipient cannot assess the validity of the signature stack.

2- application/regulation requires that multiple 'marks' be attached to the document: A real world example would be applying a manual signature on top of the organization stamp (though one could argue that in this case there are two different signers). Such a requirement could make sense only if all the marks can be verified by the recipients. In such circumstances, grouping certainly helps evidence that all the marks have been attached.

But such a requirement seems very much application specific and I would rather let the application deal with it. To some extent, this reminds me of counter-signature, which is already left to the application layer (mostly an authorization issue).

Sincerely,

Richard D. Brown
Software Architect - R&D
Globeset, Inc.
Austin, TX - U.S.
> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Chris Smithies
> Sent: Wednesday, July 21, 1999 8:59 AM
> To: w3c-ietf-xmldsig@w3.org
> Subject: Multiple signatures in a sig_block
>
> The value of allowing multiple Signature elements in a SigBlock (sig_block,
> signatureBlock, whatever...) is that in the future, multiple signing
> technologies may well be used in the course of the same transaction, with
> the same intent, by the same person, governing the same content. It may
> also be that different signature standards are required by different
> recipients of the document. It would clearly be efficient and useful from a
> procedural and evidentiary point of view for these signatures to be
> combined together into a single entity.
Received on Wednesday, 21 July 1999 14:42:10 UTC