- From: Francis McCabe <fgm@fla.fujitsu.com>
- Date: Mon, 5 Aug 2002 12:57:20 -0700
- To: Hal Lockhart <hal.lockhart@entegrity.com>
On Monday, August 5, 2002, at 11:51 AM, Hal Lockhart wrote: > You have put your finger on an important issue that has been much > discussed on the PKIX mailing list and other fora that attract security > professionals, but not much in application circles. To summarize it in my > own words: security mechanisms can protect the integrity and > confidentiality of data traversing untrusted networks, but this does not > help unless there is agreement on informaiton semantics. > > The case much discussed in digital signature circles is: what does it > mean when you digitally sign a document. In some contexts, you might want > it to mean, "I agree to be bound by this contract." In others, it might > simply mean "here is my latest draft, you can be sure it was not altered > in transit." Or even "here is something interesting I found on the > Internet, which you can tell is not SPAM because it comes from me." This is a topic that we in the agent community have a LOT to say about. The resolution to this is the `communicative act'. A CA is essentially a pair: a verb-like token that indicates the force of the communication and a declarative sentence-like structure that we call the content. The performative makes the above distinction: signing a document is quite different to informing: i.e., there is a difference between telling you that I've signed a document and actually signing it -- even in the electronic world. Of course, there needs to be agreement on the tokens, but that is what standards organizations are for ;-) In this case, see www.fipa.org Frank
Received on Monday, 5 August 2002 16:02:19 UTC