Re: Who cares what MUST be signed? (was Locations...)

Daniel LaLiberte <liberte@w3.org>@w3.org on 12/01/99 10:55:06 AM

Sent by:  w3c-ietf-xmldsig-request@w3.org


To:   Mark Bartel <mbartel@thistle.ca>
cc:   w3c-ietf-xmldsig@w3.org
Subject:  Who cares what MUST be signed? (was Locations...)



Mark Bartel writes:
 > 2. The signer of the document, not the verifier, determines what is
 > important to be signed.
 >
 > I disagree with this.  I think both the signer and the verifier do this
 > determination.  It depends on the nature of the interaction.  I submit the
 > following points:

I agree with Mark, for the reasons stated.  This issue seems
fundamentally important to the goals and requirements of signatures and
until this is worked out, there are likely to be misunderstandings and
disagreements elsewhere, as is evident from the discussions of the past
several weeks.

To reiterate, it seems that it is ONLY the verifier that cares what is
signed.  When does the signer really WANT to sign something except to
satisfy the needs of verifiers?  What advantage does the signer have?
A signature seems to only obligate the signer.

I'll leave open the possibility that there is some advantage for the
signer, regardless of the needs of verifiers, but I can't think of any
right now.  Please provide some examples to inform this discussion.

[Tom Gindin]  If a signature is time-stamped reliably, a signature is
almost as likely to benefit the signer rather than obligating him.  It can
establish the time of an application or bid, or it can establish that a
signer already knew something at the time of the document's generation,
which may be important in an intellectual property case.

 > a) The signer cares that *sufficient* information is signed.

...sufficient for the purposes of satisfying the needs of the verifier.

 > b) The verifier only cares that the information relevant to it is signed.
 > c) If the verifier chooses to ignore signed information, that doesn't change
 > the assertion that the signer made.

Right.

[Tom Gindin]   Frequently, especially in non-repudiation, there are
multiple verifiers.  The original verifier is usually the relying party,
while the later (usually much later) verifier is an independent arbiter.
That arbiter is almost as likely to have been brought in by the signer as
by the relying party.

 > d) If the signer is making an assertion intended to have legal force (which
 > will frequently not be the case), they will be concerned that information
 > that they are *not* asserting is *not* signed.

Right.

 (snip)

Received on Wednesday, 1 December 1999 11:57:26 UTC