Re: [dss] Compound operation Verify & Sign

["jmessing" <jmessing@law-on-line.com>]

A note of caution. A VerifyAndSign operation of a DSS server will not meet notarization requirements as presently framed in common law countries, particularly the US, because the server will only be verifying the validity of a first signature and confirming that it validates by affixing its own second signature.

In a notarization, determination of an individual's identity as a first matter is also required. This currently must be performed by a notary, who also makes a second determination that the act of signing was voluntary: i.e., the state of mind to an observer of the signer when the signature was affixed was such that intent to be bound by the signature can be presumed. Determinations appropriately included would be whether there was duress, as by a gun pointed to the head of the signer, or the signer was drunk, or was babbling incoherently, such that the intent of the signer was questionable. Without a radical change of law, this cannot be replaced by a VerifyAndSign accomplished in the absence of a human being acting as notary. For a number of reasons, it is likely within the US that human notarizarions will continue to be required for legal purposes notwithstanding the possibility of computerized verify and sign operations . I would therefore caution others not assume that a VerifyAndSign operation will facilitate notarization techniques. To justify work on such a method, I believe other potential uses should be identified first.

---------- Original Message ----------------------------------
From: "Nick Pope" <pope@secstan.com>
Date:  Fri, 24 Oct 2003 10:28:11 +0100

>Following the discussion on the <Status> element brings to mind the
>discussion we had a few meetings ago on compound (or what Ed called stacked)
>operations and particularly the ability to support a VerifyAndSign operation
>where a counter signature is applied based on whether the original signature
>is valid.
>
>I believe that such an operation is important in a number of use cases, for
>example, notarisation services.
>
>This was brought up at the F2F meeting and was included in the requirements
>document (3.9).  My recollection of the discussion on 22 Sept is that the
>only compound operation that was needed would be VerifyAndSign, although I
>see no record of it in the minutes.
>
>How do we envisage VerifyAndSign being supported in the DSS protocol?  Is
>there a way of combining the two request / response structures, or do we
>need to define a specific structure which is this combined operation?
>
>Nick
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php.
>
>