- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 05 Jun 2000 19:28:21 -0400
- To: "Barb Fox" <bfox@Exchange.Microsoft.com>
- Cc: <tgindin@us.ibm.com>, <w3c-ietf-xmldsig@w3.org>
At 03:39 PM 6/5/00 -0700, Barb Fox wrote:

>I disagree. We've defined KeyInfo (in just about every conceivable form!) to mean "hints" to a verifier about where to find evidence that he is using the correct key. There is NO ambiguity here: the result of interpreting KeyInfo can only be the use of a particular key by the verifier in a cryptographic operation.

I understood KeyInfo to be the information related to generating the SignatureValue. Consequently if someone defined a non-cryptographic method, KeyInfo should carry the hints appropriate to validating SignatureValue using that method.

Your definition is appropriate as well (particularly given it's called KeyInfo) in that KeyInfo only holds information related to generating the SignatureValue via a cryptographic algorithm. I just want to be clear which it is and what the implication of your definition is:

A. Non-cryptographic electronic signatures should place their "validating" information in SignatureProperties, or

B. Non-cryptographic electronic signatures cannot use XML Signature syntax whatsoever. (Specifying this would be difficult as we would then have to enumerate all the algorithms that may be used, or all those that may not, and it's difficult to enforce.)

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/

Received on Monday, 5 June 2000 19:28:26 UTC