

Subject: RE: [dss] client-side hashing


At 09:30 AM 2/5/2003 -0500, Kaliski, Burt wrote:
>Is there any interest in a blind signature service? In such a service, the
>server would return a digital signature without ever seeing the hash. This
>would prevent the server from subsequently "linking" the digital signature
>with the user who requested it.

Would be neat.  The only scheme I'm familiar with, Chaum's RSA blinding, 
requires the client to know the server's public key, which is a slight 
inconvenience.  And is patented until 2005.

If the protocol is generic enough that a client sends a list of 
ds:References, and a selector for what type of signature he wants (CMS, XML 
DSIG, etc.), then might protocol support for this be as simple as just 
specifying a new ds:DigestMethod? 
-http://www.w3.org/2000/09/xmldsig#sha1WithRSABlinding

Trevor 
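
The RSA blinding exchange discussed in this message, as an added example that is not part of the original post: it shows the client needing the server's public key `(N, E)` to blind the digest, and the server signing a value it cannot relate to the digest. The toy key, the sample document and all function names are constructed for illustration, and the unpadded textbook RSA used here is an assumption made to keep the arithmetic visible.

```python
import hashlib
import math
import secrets

# Constructed toy server key (two Mersenne primes); far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent


def digest_int(document: bytes) -> int:
    """SHA-1 digest as an integer (160 bits, so always smaller than N here)."""
    return int.from_bytes(hashlib.sha1(document).digest(), "big")


def client_blind(m: int, n: int, e: int) -> tuple:
    """Blind m with a random factor r; this step needs the public key (n, e)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:  # r must be invertible mod n
            return (m * pow(r, e, n)) % n, r


def server_sign(blinded: int) -> int:
    """Server applies its private key to a value it cannot interpret."""
    return pow(blinded, D, N)


def client_unblind(blind_sig: int, r: int, n: int) -> int:
    """Strip the blinding factor: (m * r^e)^d * r^-1 = m^d (mod n)."""
    return (blind_sig * pow(r, -1, n)) % n


def verify(m: int, sig: int, n: int, e: int) -> bool:
    """Ordinary RSA verification of the unblinded signature."""
    return pow(sig, e, n) == m


def demo(document: bytes = b"constructed sample document") -> tuple:
    """Run one client/server exchange; return (digest, blinded value, signature)."""
    m = digest_int(document)
    blinded, r = client_blind(m, N, E)
    sig = client_unblind(server_sign(blinded), r, N)
    return m, blinded, sig


if __name__ == "__main__":
    m, blinded, sig = demo()
    print("server saw the digest:", blinded == m)
    print("signature verifies:   ", verify(m, sig, N, E))
```

The unblinded signature is identical to the one the server would have produced on the digest directly, which is why a verifier needs no knowledge that blinding took place.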


