RE: [dss] Compound operation Verify & Sign

["Edward Shallow" <ed.shallow@rogers.com>]

Agree with John, but let's split this discussion into 2 separete threads:
John's below, and the compound operations discussion.

Ed 

-----Original Message-----
From: jmessing [mailto:jmessing@law-on-line.com] 
Sent: October 24, 2003 9:06 AM
To: OASIS DSS TC; Nick Pope
Subject: Re: [dss] Compound operation Verify & Sign

A note of caution. A VerifyAndSign operation of a DSS server will not meet
notarization requirements as presently framed in common law countries,
particularly the US, because the server will only be verifying the validity
of a first signature and confirming that it validates by affixing its own
second signature.

In a notarization, determination of an individual's identity as a first
matter is also required. This currently must be performed by a notary, who
also makes a second determination that the act of signing was voluntary:
i.e., the state of mind to an observer of the signer when the signature was
affixed was such that intent to be bound by the signature can be presumed.
Determinations appropriately included would be whether there was duress, as
by a gun pointed to the head of the signer, or the signer was drunk, or was
babbling incoherently, such that the intent of the signer was questionable.
Without a radical change of law, this cannot be replaced by a VerifyAndSign
accomplished in the absence of a human being acting as notary. For a number
of reasons, it is likely within the US that human notarizarions will
continue to be required for legal purposes notwithstanding the possibility
of computerized verify and sign operations . I would therefore caution
others not assume that a VerifyAndSign operation will facilitate
notarization techniques. To justify work on such a method, I believe other
potential uses should be identified first.

---------- Original Message ----------------------------------
From: "Nick Pope" <pope@secstan.com>
Date:  Fri, 24 Oct 2003 10:28:11 +0100

>Following the discussion on the <Status> element brings to mind the 
>discussion we had a few meetings ago on compound (or what Ed called 
>stacked) operations and particularly the ability to support a 
>VerifyAndSign operation where a counter signature is applied based on 
>whether the original signature is valid.
>
>I believe that such an operation is important in a number of use cases, 
>for example, notarisation services.
>
>This was brought up at the F2F meeting and was included in the 
>requirements document (3.9).  My recollection of the discussion on 22 
>Sept is that the only compound operation that was needed would be 
>VerifyAndSign, although I see no record of it in the minutes.
>
>How do we envisage VerifyAndSign being supported in the DSS protocol?  
>Is there a way of combining the two request / response structures, or 
>do we need to define a specific structure which is this combined operation?
>
>Nick
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
.
>
>

To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
.