- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Wed, 12 Apr 2000 16:06:26 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
From: "Winchel 'Todd' Vincent, III" <winchel@mindspring.com> References: <OF6D713979.4CD7972A-ON802568BF.0043572F@com> Date: Wed, 12 Apr 2000 13:03:55 -0400 >... > >I suspect you mean things like dates and times. Dates and times are >captured on documents/records. Documents with dates and times are signed to >give them additional credibility. It is not only inappropriate to put a >date and time in a signature, it is also dangerous. Not only is it contrary >to common understanding, there is the potential for conflict if the >date/time in the document/record is different than the date/time in the >signature. If I sign a document that, on its face, says 1/23/2001 on it and >a signature application embeds 12/30/2001 in it, and the two are associated, >then what is the correct date/time? Normally the date embedded in a signature is labeled as being the date of the mechanical signature operation. I don't see what's confusing about this. I suppose you could have a signature property that said "ignore any date in the document, here is the true document date" but I think it would rarely be useful and in any sufficiently powerful expressive system, you can't stop people from making confusing or self contradictory statements. I believe our current syntax document only mentions date of the signature (or digest) and hardware identifier for crypto hardware used in calculating the signature (or digest) as examples of appropriate properties of the signature itself to be put into SignatureProperties. >... > ><Tom> >The primary use of SignatureProperty, IMHO, is in the case where >multiple signatures are affixed to the same document and one of the signers >wishes to add qualifications to his or her signature without affecting the >document signed by the others. ></Tom> > >If this is the use of <SignatureProperty> then it is an improper use. If >Person A evidences his/her agreement on a document with a signature and then >Person B wants to amend or qualify the agreement (by means of alterning the >document or the signature), then you don't have an agreement, so you would >*never* want to allow this. There is no "meeting of the minds." Note, Tom said "add qualifications to his or her signature". I don't see that as amending the fundamental agreement. Assume some sort of bond with multiple sureties where each indicates the monetary amount which they are willing to be bound and when their surety expires. It would be much better to format the document so these things were outside the Signatures, in little surety elements or something, but putting that info inside SignatureProperties isn't ridiculous and I don't see it as in really amending the agreement, which presumably is something like "The below signatories give surerty for the faithful performance ... by A B of their duties as ...". >... > >Todd Donald
Received on Wednesday, 12 April 2000 16:05:25 UTC