- From: <rhimes@nmcourt.fed.us>
- Date: Wed, 08 Dec 1999 09:56:33 -0700
- To: <pbaker@verisign.com>, <Larry.Bugbee@PSS.Boeing.com>, <w3c-ietf-xmldsig@w3.org>
Phill wrote: >This is an important requirement for the system, I do not however accept >that this automatically leads to this being a DigSig requirement >Being able to process a document to detach/re-attach a signature sound >to me useful and reasonable. >I am not clear as to what the signatures would be doing wrt the records >archive system proposed. Unless the signature is prepared in a manner that >is archive friendly (signing a manifest of content + abstract) I don't >see what can be usefully done with it. I'll repeat the court filing example. An attorney now creates a PDF document, a pleading to be filed. These PDF documents can be huge. The PDF is base64-encoded and packaged in an XML document. The XML document has identifying information needed to index the document (such as case number and brief description). In addition, we would like to carry a digital signature in the XML document computed over the original PDF format. This XML document with the enclosed PDF can then be transported from a law firm to the court, court to court, and so on, and be validated before it is accepted. At the court, we want to separate the PDF from the XML document and store the PDF in a file system. The XML documents can be stored separately (perhaps in an object database) and used to reference the PDF document (now thru a URI in the XML document). Note that the XML document has useful information independent of the PDF. We might just want to know what documents are in a case, by short description. If we need to access or validate a particular PDF, we can use the signature in the XML document, otherwise it is just part of the identifying information. One reason for separating the two is that we have found that giant BLOBS in a database cause a big penalty in access time. The other reason is that current automated indexing systems work on native formats (for example, scan the file directories for all PDFs that contain the word "abuse" within three words of the word "child"). Larry seems to have a similar situation at Boeing, and maybe he would like to elaborate. >You have to have the content for the signature to tell you anything. >A digital signature only has meaning if it has been verified. Well, sort of. My take is that checking the signature is optional (see above). It's there when you need it. A good example of a detached signature is a time stamp system. You send a signature and get it officially time stamped to, for example, help prove that you came up with an idea first. The idea can remain undisclosed until the "proof" is needed. >What you could do in an archive situation is to create a signature on >an archive manifest covering the original document, an abstract and >the original signature. >Such a signature would be a second order statement (a signature attesting >to the fact a signature once existed). But in the circumstance proposed >that is the best that can be done. Knowing that a signature "once existed" sounds pretty useless to me. I don't buy that this is the best that can be done. Thanks, Rich
Received on Wednesday, 8 December 1999 12:00:02 UTC