RE: Signing and Encryption from Martin Franklin on 2001-01-29 (xml-encryption@w3.org from January 2001)

From: Martin Franklin <MFranklin@STELLCOM.com>
Date: Mon, 29 Jan 2001 13:16:21 -0800
To: "'Joseph Ashwood'" <jashwood@arcot.com>, meadowsj <meadowsj@nobs.ca.boeing.com>, xml-encryption@w3.org
Message-ID: <6BCDCDFAB19FD4119CE300508B9B06EA188593@izar2.stellcom.com>

Joe

Here's ome example I found 

Asokan, Shoup, and Waidner: Fair Exchange of Digital Signatures
At EUROCRYPT '98, Asokan, Shoup, and Waidner extended optimistic protocols
to fair exchange [1]. In their protocol, Alice and Bob send encrypted
signatures to each other. Then they prove to each other that the encryptions
really do contain digital signatures, and that these are signatures on the
correct documents. Finally, they send each other decryption keys.

If something goes wrong, a third party can step in and use the "proofs of
correct encryption" to verify that all has gone well up to a point. Then the
third party can take some course of action, such as terminating the protocol
or decrypting the signatures for both parties.

This is from http://www.acm.org/crossroads/xrds7-1/contract.html

> Martin Franklin
> Principal Engineer
> s t e l l c o m
> San Diego, CA
> mfranklin@stellcom.com
> (858) 947-1572
> www.stellcom.com
> 



-----Original Message-----
From: Joseph Ashwood [mailto:jashwood@arcot.com]
Sent: Monday, January 29, 2001 12:55 PM
To: meadowsj; xml-encryption@w3.org
Subject: Re: Signing and Encryption



----- Original Message -----
From: "meadowsj" <meadowsj@nobs.ca.boeing.com>
To: <xml-encryption@w3.org>; <jashwood@arcot.com>
> If signing a document is akin to making an assertion about a document,
> I could perceive some value in keeping certain assertions made about a
> document private from third parties. I'm hard pressed to think of an
> example where storing those assertions with the document would be an
> absolute necessity however, so perhaps it's a non-issue.
>
> Cheers,
> Joe Meadows

Actually that's a very good point that hadn't occured to me. I'm still at a
loss of any examples where knowledge of the document must be public
knowledge but the signer cannot be, except possibly to give anonymous
testimony to something, where the testimony could be verified later. Maybe
that's enough. I'm not sure it would seem to be a business end of things,
and I'm an engineering end. Does anyone have any examples? Or is this a
non-issue from the business end also. Or would simply forcing detached
signatures with out of band ordering information be enough?
                    Joe

Attachments

application/octet-stream attachment: Martin_Franklin__E-mail_.vcf

Received on Monday, 29 January 2001 16:19:11 UTC