- From: <tgindin@us.ibm.com>
- Date: Wed, 31 May 2000 19:31:24 -0400
- To: w3c-ietf-xmldsig@w3.org
Is there any point in the current draft which would need to be changed
to make allowances for someone to define a "manually verifiable" signature
technique in this connection? It may be out of scope, and it won't be
completely ready in time for the final recommendation, but it consists of
the following:
1 A new value for SignatureMethod "manuallySignedDigest". This value
for SignatureMethod implies that the SignatureValue itself consists of the
base 64 encoding of the message digest and is not signed. This method's
main parameter is a reference to a SignatureProperty containing the manual
signature. It might also accept a parameter giving the data type of the
manual signature.
2 The manual signature itself, in a SignatureProperty. This manual
signature should contain a voice recording, transcribed signature, or the
like which is performed by the user (signed with handwriting or spoken) and
in which the user him/herself records the message digest.
This technique is not automatically verifiable, so it may not be in
scope for this group. However, it is a way of performing a general
electronic signature using mainly pieces from the current XMLDSIG
specification. The software verification of such a document will perform a
digest verification, but then a human will have to verify the actual
signature.
Tom Gindin
Received on Wednesday, 31 May 2000 19:53:13 UTC