- From: John Messing <jmessing@law-on-line.com>
- Date: Tue, 23 May 2000 06:34:14 -0700
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
- Message-ID: <002701bfc4bb$97c23980$0224c5a9@lawwg0kcnqeri6>
I sense that this element does not fit elegantly into the overall work of this group and if it had its own consciousness, would probably feel a little bit like the character in the children's story of Cinderella. I think the element is useful, and may turn out to be critical in future developments.

One of the assumptions of the work product of this group appears to be that digital signatures of the type supported by X-509 certificates will be the dominant if not exclusive signature technology of the next decades. Legal developments are going in the opposite direction from such an assumption.

The Uniform Electronic Transactions Act (UETA) was authored by the National Conference of Commissioners on Uniform State Laws, which took almost four years on the project. Essential points include a definition of an electronic signature as "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record," and a legislative determination that a signature or record may not be denied legal effect or enforceability solely because it is in electronic form.

A number of states have recently adopted the uniform law. These include Arizona, California, Idaho, Indiana, Minnesota, Nebraska, Pennsylvania, South Dakota, Utah and Virginia. A number of other states are in the process of various stages of adoption. Both the U.S. House of Representatives and the Senate have passed bills providing for national regulation in those states where the uniform law is not yet adopted. There are significant differences between the House and Senate versions and a compromise bill has been drafted. The compromise bill provides that as an alternative to adoption of the UETA, a state may simply adopt legislation which is not inconsistent with the federal law. Like the UETA, the Congressional bills include as an allowed electronic signature "an electronic sound, symbol, or process".

The use of the word "sound" is deliberate. Under the terms of these laws, which will soon be in effect in one form or other in all of the states of the United States, it will be possible to sign electronically using a biometric as the authentication method. Preferably the biometric signature will include a hash of the biometric or the document, or both, or a digital signature, for the purposes of data integrity. The European Union has a 1999 directive which has a similar philosophy of technology-neutrality as the American legislation.

We can expect a number of different signature technologies to emerge. One, which is already recognized in many legal jurisdictions, is the Chris Smithies' signature dynamics, which uses a signature tablet and a stylus to create a digital file that includes signature characteristics, or properties. Applications will need to know how the signing application authenticated the signer and how it dealt with data integrity. These will be properly handled as Signature Properties, to my way of thinking.

It will be an error that will mar the usefulness of the work product of this group to assume or insist upon digital signatures supported by X-509 certificates as the only, or even dominant technology. For these reasons, I think it is indispensable to leave Signature Properties reserved for future developments in this area.
Received on Tuesday, 23 May 2000 09:21:54 UTC