[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [dss] client-side hashing
Good idea. If the client can get the server's public key in advance, the digest method can include the step of "blinding" the hash value. I'm not suggesting blind signatures as a requirement, but just as something to consider when developing the architecture for the server. Based on the discussion so far, it looks like the architecture should provide a means for the client to obtain the server's public signature key in advance of supplying the value to be signed. Indeed, this may have other benefits; the client might have preferences as to algorithm, key size, available certificates, etc. So an optional key-selection protocol may be a useful feature. -- Burt -----Original Message----- From: Trevor Perrin [mailto:trevp@trevp.net] Sent: Wednesday, February 05, 2003 12:51 PM To: Kaliski, Burt; dss@lists.oasis-open.org Subject: RE: [dss] client-side hashing At 09:30 AM 2/5/2003 -0500, Kaliski, Burt wrote: >Is there any interest in a blind signature service? In such a service, the >server would return a digital signature without ever seeing the hash. This >would prevent the server from subsequently "linking" the digital signature >with the user who requested it. Would be neat. The only scheme I'm familiar with, Chaum's RSA blinding, requires the client to know the server's public key, which is a slight inconvenience. And is patented until 2005. If the protocol is generic enough that a client sends a list of ds:References, and a selector for what type of signature he wants (CMS, XML DSIG, etc.), then might protocol support for this be as simple as just specifying a new ds:DigestMethod? -http://www.w3.org/2000/09/xmldsig#sha1WithRSABlinding Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC