[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [dss] client-side hashing
Nick;
I would think we would be interested in the notarisation type service. If I'm not mistaken, I think the Corporate Seal use case would cover this type of service. The policy of the server applying the corporate seal may require the document to meat certain requirements before a signature is applied. Similarly, I can see a potential need in this environment for the server to archive documents that it has signed.
Robert.
> -----Original Message-----
> From: Nick Pope [mailto:pope@secstan.com]
> Sent: Wednesday, February 05, 2003 5:49 AM
> To: Pieter Kasselman; jmessing@law-on-line.com; Trevor
> Perrin; Rich Salz
> Cc: dss@lists.oasis-open.org
> Subject: RE: [dss] client-side hashing
>
>
> I see that there are two types of service.
>
> A notarisation type of signing service where the trusted third party
> examines the document to be signed and only signs if the
> document meets
> certain requirements, and possibly archives the document on
> behalf of the
> requestor. The other is a pure signing service where the server just
> returns a digital signature against a document.
>
> In the second case I see no difference between the document
> or a hash of the
> document being submitted. In both cases if "birthday attacks" are
> considered to be a risk, and there exist two documents with
> the same hash
> value, assuming that the signature algorithms uses encrypted
> hashes, then
> substitution can occur whether or not the hash is calculated
> at the client
> or server.
>
> Is the DSS concerned with what I refer to as a notarisation
> type service?
> If so we need a use case.
>
> Nick
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC