OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

oiic-formation-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [oiic-formation-discuss] List of ODF interop issues that need to beaddressed -- Electronic signatures


"Hurley, Garry \(L&I - OIT\)" <ghurley@state.pa.us> wrote on 07/01/2008 02:18:16 PM:

> I think that before we add in the requirement for digital signatures
> to be preserved/included, we need to have a standard definition of
> what an electronic signature is.  Is it a digital image of a written
> signature, a 64-bit key, a 128-bit key, a 1024-bit key, or just a 4-
> bit key?  Different applications will recognize different levels of
> security and "electronic signatures" until a standard definition is
> decided upon.  I would suggest that OASIS or some other standards
> body may want to define, once and for all time, what is and is not
> considered an "electronic signature" (a bit-length key should
> specify only a minimum, to allow it to be expanded as time goes by
> and as needed).
>

Key length is a sensitive issue, since some nations have restrictions on what they allow for use by private citizens, and some other nations have restrictions on what can be used in software that is exported.   The net result is that digital signature frameworks, like the W3C's Digital Signature standard (http://www.w3.org/TR/xmldsig-core/)allow for a variety of algorithms and key lengths.

The above mentioned standard gives a few examples of what an XML digital signature looks like, e.g.:  http://www.w3.org/TR/xmldsig-core/#sec-o-Simple

ODF 1.2 will include the use of W3C Digital Signatures.

This is also an interesting area to look at for those who would forbid all ODF extensions.  In several cases, governments have extended the W3C's Digital Signature to add additional elements in their own name space.  These extensions are mandated by regulation or legislation.  Different countries have different requirements, and these requirements change at a quicker pace than standards change.   Do we forbid conforming ODF applications from fulfilling the mandatory requirements of these governments?  I assure you that those companies selling proprietary formats will have no hesitation meeting their customer's needs.

-Rob

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]