- From: Paul Lambert <plambert@certicom.com>
- Date: Wed, 21 Apr 1999 19:19:17 -0700
- To: rdbrown@globeset.com
- cc: w3c-xml-sig-ws@w3.org
>Not quite true. It has been already demonstrated that some symmetric >authentication schemes can provide the necessary foundation to >non-repudiation... You are correct that there are a variety of ways to implementate non-repudiation. Typically these require a third party. I should have been more specific about the distinction I was attempting to describe. Public key based signatures are traceable to a single key holder. Symmetric techniques are subject to repudiation since both the creator and the validating agent have access to the secret key. >In fact, a symmetric authentication >scheme with an adequate audit-trail and well-defined processes may stand >stronger than a public-key signature scheme with inadequate protection of >the private-key or an obvious lack of scrutany when establishing >credentials. Yes, but assuming equivilant protection of keys, public-key techniques have the unique characterisitic that they are more readily traceable to a single key-holder. The semantics of a public key signature are different than that of a keyed hash. Our specification should clearly describe the diffierences in service provided by the two mechanisms. The syntax of our XML digital signature should clearly describe the expected security service. We should not confuse keyed hashs with public key based digital signatures. So ... in summary here's a few of my comments in a requirements format: Proposed XML Digital Signature Requirements: - XML digital signatures shall be based on public key cryptographic techniques to bind the signatures to a single key holder - XML digital signatures shall provide a single mandatory implement set of algorithms to promote the fielding of interoperable implementations. Other example optional algorithms will be described and supported. - The XML digital signature specification shall define mechanisms to support keyed hash and key exchange. - The XML digital signature syntax shall clearly describe the expected security service (e.g. public key signature versus keyed hash) - XML digital signatures must carry only a single originator key or certificate. XML Digital Signature working group non-requirements: - application of biometric techniques for authentication in XML - application of physical digital signature as biometric authentication for XML signatures Paul "Richard D. Brown" <rdbrown@globeset.com> on 04/21/99 05:08:18 PM Please respond to rdbrown@globeset.com To: Paul Lambert/Certicom, w3c-xml-sig-ws@w3.org cc: Subject: RE: Biometric techniques are not public key signatures Paul, > > In particular, a keyed hash will never be able to support > non-repudiation. > Not quite true. It has been already demonstrated that some symmetric authentication schemes can provide the necessary foundation to non-repudiation - for example H(S,K,M) in secure hardware with S being a unique signer's identifier sealed in the token, K a shared secret also sealed in the token, and M a representation of the document could be satisfactory. More sophisticated schemes can be built with key-exchange algorithms (i.e. Diffie-Hellman). > The trust considerations for a shared key mechanism are not the > same as public key signed mechanisms. Correct though usage of a public key signature scheme does not imply trust per se. Adopting a public key signature scheme only allows signature verifiability without having to disclose the signing secret. Trust is bound to the production by a truted third-party of a credential that binds the signature verification key with a set of attributes. Trust is only propagated by the credential and not intrinsic to the use of public keys. For WPR exchanges, symmetric key is often sufficient - non-repudiation is not always necessary or can be achieved without making use of a "mechanic with strong mathematical foundations." Many times in the past, courts have ruled in favor of well-defined and well-documented business processes though not founded upon mathematical concepts. In fact, a symmetric authentication scheme with an adequate audit-trail and well-defined processes may stand stronger than a public-key signature scheme with inadequate protection of the private-key or an obvious lack of scrutany when establishing credentials. Sincerely, Richard D. Brown
Received on Wednesday, 21 April 1999 22:34:16 UTC