- From: David Wall <dwall@Yozons.com>
- Date: Sat, 14 Dec 2002 11:12:26 -0800
- To: <w3c-ietf-xmldsig@w3.org>
Thanks for the legal point of view, Mr. Messing. I do appreciate the updates and your comments. > Proof of intent (the subject of this posting) is best determined from the > social and human context rather than any automated means such as a > certificate non-repudiation bit. To add to the ideas of the posting, how > does one distinguish an autograph from a signature intending to bind a > person to a document, either in the paper world or the electronic world? The > answer is look at the content. What was said? But that is not a signature > function, it is a legal construction issue based upon the objective > expression of human intent, indicating the posting is really off-topic for > XML Signatures. I completely agree with this sentiment, but this is what tweaked my curiousity, since the one of the main benefits of XML Signatures is automated signature verification. My query was mostly about determining how suitable automatic verification is when it comes to electronic signatures in which the context is all important and cannot be easily automated. Clearly, from a digital signature perspective, it's wonderful assuming all of the options for forming signatures within the standard can successfully be implemented interoperably. > With these points covered, XML digital signatures can be made a perfectly > appropriate means for creating electronic signatures on XML data for any and > all legal purposes. I agree and never really contested that it would not. After all, most electronic signature products are based on digital signatures, and I'd bet several have an XML data structure underlying it all. Again, I'm thinking about if I wanted to send you a signed contract electronically, is there really that much of a benefit using XML Signatures rather than other digital signature-based solutions. Sure, with XML Signatures you can automatically validate the digital signature, but you still have to "render" the XML data underlying it in a way that makes it obvious to a human what is being agreed to, etc., who signed it and when, and that won't be part of the automated XML Signature capability, implying that I'll still need some sort of specialized application to render the contract terms in a way that I can determine if the signature is on something that I'd also agree to (and perhaps countersign or simply add my signature as part of the cause), who signed it, when it was signed, etc. Most business documents today are in World, Excel, PDF or HTML, and these won't be helped all that much by wrapping them inside XML tags. If I need specialized applications to render the data in a meaningful way, then is there really that much gained by not just having that application also validate the digital signature? Anyway, I do like the XML Signature standard. I think it will be particularly useful in the future when contracts are perhaps created in a more transactional environment using automated systems with agreed upon XML structures as LegalXML Oasis group is no doubt working on. When I think of fixed transactions like those done with EDI, ATMs/SWIFT, etc., I'm sure XML Signatures will be even more powerful because the signature and the intent can all be automated. David Wall
Received on Saturday, 14 December 2002 14:11:28 UTC