- From: Paul Lambert <plambert@certicom.com>
- Date: Wed, 21 Apr 1999 11:35:10 -0700
- To: w3c-xml-sig-ws@w3.org

>As long as the blob coming out of the sign function
>actually correctly measures change in the document when the blob and
>document are passed to the verify function, we do not care what format that
>data takes.
>
>To wit, the better handwritten signature technologies achieve at least a
>modicum of security by encrypting the blob.

We must have clear definitions of the mechanisms that we create. It is not appropriate to confuse a public key signature with a biometric authentication technique like the digitization of parameters from a physical signature.

Biometric authentication techniques should not be in the scope of the DSig effort. If biometric techniques are used, they may be part of an authentication process used to access a securely stored private key. Brief guidelines may be provided that could describe how authentication techniques are required to protect access to an entity's secret key.

Public key digital signatures provide more than just detecting a change in a document. The trust associated with the signature is based on the fact that the signature comes from a specific unique key. These keys have well-known risks associated with the handling and storage of this unique secret information. While biometric information is unique in some sense, it can be forged. Additional precautions must be taken to prevent the duplication of a valid signature.

I propose that we be precise with our discussions and limit the scope of our digital signature specification to signatures based on public key cryptographic techniques.

Likewise, symmetric cryptographic techniques do not have the same properties as a public key signature. We are discussing how to apply symmetric keyed hash mechanisms, so I assume we have requirements for this mechanism. The trust considerations for a shared key mechanism are not the same as public key signed mechanisms.

I propose that any support for encryption, key exchanges or keyed hash security mechanisms be given unique tags so the mechanisms are not confused with digital signatures. In particular, a keyed hash will never be able to support non-repudiation.

Automated processing of our signature mechanisms requires that we clearly distinguish the inferences possible from any specific usage. It is best in the processing to identify these differences as soon as possible.

List of XML Digital Signature working group non-requirements:
- application of biometric techniques for authentication in XML
- application of physical digital signature as biometric authentication for XML signatures

Paul
Received on Wednesday, 21 April 1999 14:43:37 UTC
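
Added example, not part of the original message: a sketch of why a keyed hash cannot support non-repudiation, and of a processor that fixes the permitted inferences from the mechanism tag before anything else. The tag names, field names, key and documents are hypothetical values constructed for illustration, and HMAC-SHA256 stands in for whichever keyed hash is chosen.

```python
import hashlib
import hmac

# Hypothetical mechanism tags; the message asks for unique tags but names none.
KEYED_HASH = "keyed-hash"
PK_SIGNATURE = "public-key-signature"

def keyed_hash(shared_key: bytes, document: bytes) -> bytes:
    """Tag a document with HMAC-SHA256 under a key both parties hold."""
    return hmac.new(shared_key, document, hashlib.sha256).digest()

def verify_keyed_hash(shared_key: bytes, document: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the document."""
    return hmac.compare_digest(keyed_hash(shared_key, document), tag)

def inferences(mechanism: str, verified: bool) -> dict:
    """What a processor may conclude, decided from the mechanism tag up front."""
    if mechanism not in (KEYED_HASH, PK_SIGNATURE):
        raise ValueError(f"unknown mechanism tag: {mechanism!r}")
    if mechanism == KEYED_HASH:
        origin = "a holder of the shared key"   # sender or recipient
    else:
        origin = "the holder of the private key"
    return {
        "unchanged": verified,
        "origin": origin if verified else None,
        # Only a key held by one party can bind a document to that party.
        "non_repudiation_possible": verified and mechanism == PK_SIGNATURE,
    }

def dispute_demo() -> dict:
    """Both parties share one key. The recipient tags a document the sender
    never produced, and the tag verifies exactly like a genuine one."""
    shared_key = b"constructed-sample-key"               # constructed value
    from_sender = b"<order><qty>10</qty></order>"        # constructed value
    from_recipient = b"<order><qty>1000</qty></order>"   # constructed value
    tag_sender = keyed_hash(shared_key, from_sender)
    tag_recipient = keyed_hash(shared_key, from_recipient)
    return {
        "sender_doc_verifies": verify_keyed_hash(shared_key, from_sender, tag_sender),
        "recipient_doc_verifies": verify_keyed_hash(shared_key, from_recipient, tag_recipient),
        "change_detected": not verify_keyed_hash(shared_key, from_recipient, tag_sender),
        "claims": inferences(KEYED_HASH, True),
    }

if __name__ == "__main__":
    for name, value in dispute_demo().items():
        print(name, "=", value)
```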