- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 29 Jul 1999 12:04:21 -0400
- To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
- Cc: "Barb Fox (Exchange)" <bfox@Exchange.Microsoft.com>, "John Boyer" <jboyer@uwi.com>, "'DSig Group'" <w3c-ietf-xmldsig@w3.org>
At 11:30 AM 7/29/99 -0400, Phillip M Hallam-Baker wrote:
>One specific condition I have been considering is the case in
>which an XML message represents a negotiable instrument (e.g.
>a Bill of Lading).
Had you been at the meeting, hopefully I would've convinced you this is a
trust application decision <smile>, and is not related to whether
(valid:signed-resource == true)
signed-resource(I, C, key, sig): there was some request R such that
GET(R) = C and address(R) = I and sign-doc(C, key, sig)
sign-doc(C, key, sig): sig is the value of a strong one-way function over
content and key that yields C integrity/validity and K
non-repudiability
>The conditions of validity for which can
>only be understood in the context of a particular rule book.
>In this case I would like to ensure that clients which are
>not aware of the requirements of a specific rule book do not
>erroneously validate the signature.
Again, I would like to redefine "validate" specifically to signature
validation, not trust evaluation/inference. I think you were speaking of the
ability to make application statements such that one can make a useful
inference:
trusted-statement(signed-resource(I, C, key, sig)): where
(signed-resource(I, C, key, sig) and (C consists of assertions {S1, S2, S3})
and infer(S1,S2,S3).
(As I continue on in my bungled notation! Any logic weenies out there?)
_________________________________________________________
Joseph Reagle Jr.
Policy Analyst mailto:reagle@w3.org
XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Thursday, 29 July 1999 12:04:21 UTC