[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Scope of electronic signature
At 10:32 PM 10/2/2003 +0100, Nick Pope wrote: >Content-Transfer-Encoding: 7bit > >John, > >Currently, I believe the question with regards DSS is not whether the method >provides an Electronic Signature, but whether this method constitutes >Digital Signature. > >DSS, by its name, and the mechanisms on which DSS builds (e.g. W3C XML >signatures and CMS) clearly relate to Digital Signatures. Also, Statement >of Purpose of DSS clearly assumes that a digital signature involves use of >keyed mechanisms. Similarly, W3C signatures assume the use of keyed >signature algorithms. But see my response here - http://lists.oasis-open.org/archives/dss/200309/msg00111.html The point of our protocol is for clients to produce/verify signatures without caring about implementation details. Whether the hash is associated with an entity through a cryptographic key or a database entry is, I would argue, an irrelevant detail. A cryptographic key is one way to produce an "authenticated channel" for transporting a hash value. A secure database is another way. If you did a little work profiling XML-DSIG, like my post suggested, then a client should be able to access a Database-backed DSS server to sign/verify with no problems. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]