
pki-tc message


Subject: PKI-TC Action Item in Preparation

Dear list,

In spite of the EU signature directive, originally issued 1993,
digital signatures in the nowadays ubiquitous web-environment
are still a "solution-provider" thing.

A remedy is though in preparation:


In case anybody in this list is aware of any similar effort, I would
be most interested to get in touch with those.

Only defining what is in-scope and what is out-of-scope turned
out to be a daunting task, as on-line signatures have essentially not
been researched at all.

One common view is that "Windows is like a virus, so to
use Windows is out-of-scope".  Regardless of what one
thinks of Windows, I believe this view is principally wrong
as operating system integrity is a generic problem, not more
related to digital signatures than storing confidential information
or performing other mission-critical operations.

Another view is that "On-line signatures are for protecting
users against fraudulent merchants".   This also seems to be
principally wrong.  A signature essentially has no "value"
except for the "receiver" as a "sender" may create anything
on his/her own, making the sender's copy invalid as
evidence.   That is, on-line signatures are mainly intended
to protect service providers from fraudulent users, which
though in turn indirectly protects the legitimate users as well.
The addition of a "signature procedure" hopefully makes
users less susceptible to accepting signature requests without
first actually looking at the content.

Anders Rundgren
