RE: [dss] Compound operation Verify & Sign

["Nick Pope" <pope@secstan.com>]

OK point taken.

I still believe that there are use cases where a second signature depends on
the validity of the first.

Nick

> -----Original Message-----
> From: jmessing [mailto:jmessing@law-on-line.com]
> Sent: 24 October 2003 15:06
> To: OASIS DSS TC; Nick Pope
> Subject: Re: [dss] Compound operation Verify & Sign
>
>
> A note of caution. A VerifyAndSign operation of a DSS server will
> not meet notarization requirements as presently framed in common
> law countries, particularly the US, because the server will only
> be verifying the validity of a first signature and confirming
> that it validates by affixing its own second signature.
>
> In a notarization, determination of an individual's identity as a
> first matter is also required. This currently must be performed
> by a notary, who also makes a second determination that the act
> of signing was voluntary: i.e., the state of mind to an observer
> of the signer when the signature was affixed was such that intent
> to be bound by the signature can be presumed. Determinations
> appropriately included would be whether there was duress, as by a
> gun pointed to the head of the signer, or the signer was drunk,
> or was babbling incoherently, such that the intent of the signer
> was questionable. Without a radical change of law, this cannot be
> replaced by a VerifyAndSign accomplished in the absence of a
> human being acting as notary. For a number of reasons, it is
> likely within the US that human notarizarions will continue to be
> required for legal purposes notwithstanding the possibility of
> computerized verify and sign operations . I would therefore
> caution others not assume that a VerifyAndSign operation will
> facilitate notarization techniques. To justify work on such a
> method, I believe other potential uses should be identified first.
>
> ---------- Original Message ----------------------------------
> From: "Nick Pope" <pope@secstan.com>
> Date:  Fri, 24 Oct 2003 10:28:11 +0100
>
> >Following the discussion on the <Status> element brings to mind the
> >discussion we had a few meetings ago on compound (or what Ed
> called stacked)
> >operations and particularly the ability to support a
> VerifyAndSign operation
> >where a counter signature is applied based on whether the
> original signature
> >is valid.
> >
> >I believe that such an operation is important in a number of use
> cases, for
> >example, notarisation services.
> >
> >This was brought up at the F2F meeting and was included in the
> requirements
> >document (3.9).  My recollection of the discussion on 22 Sept is that the
> >only compound operation that was needed would be VerifyAndSign,
> although I
> >see no record of it in the minutes.
> >
> >How do we envisage VerifyAndSign being supported in the DSS protocol?  Is
> >there a way of combining the two request / response structures, or do we
> >need to define a specific structure which is this combined operation?
> >
> >Nick
> >
> >
> >
> >To unsubscribe from this mailing list (and be removed from the
> roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor
> kgroup.php.
> >
> >
>
>