- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Wed, 13 Jun 2001 15:24:47 -0400
- To: Carolyn Sleeth <csleeth@bic.sri.com>
- cc: w3c-ietf-xmldsig@w3.org
I would agree that if you had two dedicated trusted machines in a trusted
environment commnicating only with each other, you probably don't need
signatures.
Donald
From: Carolyn Sleeth <csleeth@bic.sri.com>
Message-ID: <3B27B06F.7C88AA2A@bic.sri.com>
Date: Wed, 13 Jun 2001 11:27:00 -0700
To: Donald Eastlake 3rd <dee3@torque.pothole.com>, w3c-ietf-xmldsig@w3.org,
reagle@w3.org
References: <3B266A96.C7DB9A72@torque.pothole.com>
>Hi all-
>
>I am new to the xmldigsig list and have a question. I noted on the
>XML-Signature site that the working group does not deal with broader XML
>security issues, so if you could point me to the right person to ask, I
>am grateful.
>
>I am interested in knowing why digital signatures or a third party
>digital certificate is at all necessary in transactions where trusted
>relationships and identities already exist. An example is a one to one,
>long-term relationship in a closed market place. Specifically, when
>machine are communicating with other machines (such as in a
>time-critical factory floor environment), wouldn't the encumbering
>process of digital signatures and verification of information be a
>hassle? Do you need a trusted third party to ensure security is machine
>to machine interactions?
>
>I would appreciate knowing what groups do look as questions of trust
>management systems.
>
>Thank you, Carolyn Sleeth
Received on Wednesday, 13 June 2001 15:25:49 UTC