- From: <Chris_Smithies@penop.com>
- Date: Wed, 12 Apr 2000 13:35:47 +0100
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
1: some signature semantics are not application-specific in the usual sense of that term. They may not belong to all signatures, but they belong to a very large subset. 2: Joseph's example, in which the signed data contain an <approved by ="xxx"> element referring to the signature, has I think two drawbacks, neither of them fatal. 2.1: It will be hard work to allow arbitrarily many signatures to be added to a document using this approach. Subject to what John Boyer has to say, it looks to me as if a document will need to be specially designed to allow multiple signatures to be added. 2.2: Information about the signature logically belongs with the signature. Forensic examination of signatures will be complicated by the need to consult a plurality of resources in different locations in order to reconstruct the evidence of a single historical event. 3: It is not the application which defines the meaning of a signature. The application can only define whether the signature _can have_ any semantics. It is the intent of the signatory which determines what a signature actually means. (For more on application semantics, see e.g. http://www.uniroma3.it/kant/field/chinese.html.) For these reasons I think that Joseph's proposal is actually more untidy than making use of the SignatureProperties. Perhaps he would like to point out where I'm going wrong. CPK Smithies PenOp
Received on Wednesday, 12 April 2000 08:29:08 UTC