Re: [pkix] Research question: Witnessing by digital signature
"Liaquat Khan" <liaquat.khan@ascertia.com> Fri, 11 June 2010 11:47 UTC
From: Liaquat Khan <liaquat.khan@ascertia.com>
To: 'Jorge López' <jlopez.ha@gmail.com>
References: <6FC9E49ED3472043A38619BFA97F37B5044CCC13@ukcrn08.crn.thales-esecurity.com> <AANLkTinMuQMbYfMi01U7gUb7RKnZpZp1MdxRRukxQXW8@mail.gmail.com> <3596991152589585308@unknownmsgid> <AANLkTikblMd4-qf5IXJnQo45FVjU1vcMkd9vh3fru49D@mail.gmail.com>
In-Reply-To: <AANLkTikblMd4-qf5IXJnQo45FVjU1vcMkd9vh3fru49D@mail.gmail.com>
Date: Fri, 11 Jun 2010 12:45:46 +0400
Message-ID: <00ee01cb0942$7dc14220$7943c660$@khan>
Cc: denis.pinkas@bull.net, 'pkix' <pkix@ietf.org>
Subject: Re: [pkix] Research question: Witnessing by digital signature

Hi Jorge

You are correct with regards to this stage of PEPPOL, but this doesn't mean it's against using automated processes in future. My main point was that regardless of manual or automated approach, the policy for how multiple signatures should be applied seems appropriate subject for the Signing Policy. Putting this in a separate policy will just make things more complicated IMO as it's yet another policy to process for the signature verification application.

Regards
LK

From: Jorge López [mailto:jlopez.ha@gmail.com]
Sent: 11 June 2010 14:26
To: Liaquat Khan
Cc: Pope, Nick; pkix; denis.pinkas@bull.net
Subject: Re: [pkix] Research question: Witnessing by digital signature

Dear Liaquat,

(sorry if I have missed some information)

I have skim read document D1.1 Part 3: Signature Policies, and it seems that the Project uses ETSI Signature Policies, and that the "binding" between the multiple signatures (when needed) is made in human-readable documents rather than by means of automated processes. Am I right?

Jorge.

2010/6/11 Liaquat Khan <liaquat.khan@ascertia.com>

Note the large European project PEPPOL (Pan-European Public Procurement On-Line) considers multiple signature options as part of the Signature Policy. It seems logical place to me.

Regards
LK

From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of Jorge López
Sent: 11 June 2010 13:22
To: Pope, Nick
Cc: pkix; denis.pinkas@bull.net
Subject: Re: [pkix] Research question: Witnessing by digital signature

Mmm, not so sure about that.

Current signature policy is already transaction/document oriented, as it establishes the requirements to be fulfilled for the generation and validation of the signature, but within the transaction scope. There are fields that specifically fix the business/transactional context.

The necessity I mentioned is what happens when more than one signature is needed to complete the transaction.

Well, you could do that at document/application level, but the cumbersome is guaranteed. An extended signature policy, like the one proposed in the aforementioned paper, can fill that gap in a seamless manner, and not application-dependent one.

Regards,
Jorge.

2010/6/11 Pope, Nick <Nick.Pope@thales-esecurity.com>

Denis,

With PDFs this is handled by producing a document template with the layout including the placement of signatures.

I think this is an issue for the document standards applying signatures not for signatures standards.

Nick

-----Original Message-----
From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of Denis Pinkas
Sent: 11 June 2010 09:54
To: Jorge López; swilson
Cc: pkix
Subject: Re: [pkix] Research question: Witnessing by digital signature

Hi,

You are right: there is no signature policy standard or technical document that helped to establish the dependences and relationships among several signatures.

The current concept of "signature policy" applies to a single signature. If a document has multiple signatures, each one can be done under a different signature policy.

So the "missing" concept is a "document signature policy" (not to be confused with a "signature policy") which would tell, how many electronic signatures are needed, which signature policies are acceptable for each one, whether they need to be parallel or embedded, which commitment types must be present, etc ...

This combination of criteria could be important and all these verifications are currently left to the application.

It is questionable whether this should be standardized now or left to the application.

Denis

----- Received message -----
From: Jorge López
To: Stephen Wilson
Date: 2010-06-11, 10:17:44
Subject: Re: [pkix] Research question: Witnessing by digital signature

Hi,

Among other open issues, a technical one lies in the fact that currently there is no signature policy standard or technical document that helped to establish the dependences and relationships among several signatures to make them legally binding. It would be the scenario of a witness or notary, who must countersign a former signature to make the transaction effective.

This limitation was pointed out by ETSI in a technical report published in 2003 [1]. To the best of my knowledge, little research has been done in this direction [2].

Regards,

[1] ETSI TR 102 045 - Electronic Signatures and Infrastructures (ESI); Signature policy for extended business model v1.1.1. European Telecommunications Standards Institute (ETSI), March 2003

[2] Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas, Benjamin Ramos and Arturo Ribagorda. Extended Electronic Signature Policies. 2nd ACM International Conference on Security of Information and Networks (SIN 2009), pp. 268--277, ACM Press. North Cyprus. 2009.

2010/6/10 Stephen Wilson <swilson@lockstep.com.au>

Has any work been done in PKIX or elsewhere on formal witnessing of digital signatures?

And/or ... does anyone in the group know of real life instances where a digital signature is witnessed and attested to using another dig sig?

Cheers,

Stephen Wilson
Managing Director
Lockstep Group
Phone +61 (0)414 488 851
www.lockstep.com.au <http://www.lockstep.com.au>

Lockstep Consulting provides independent specialist advice and analysis on digital identity and privacy. Lockstep Technologies develops unique new smart ID solutions that enhance privacy and prevent identity theft.
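
The "document signature policy" criteria listed in Denis Pinkas's message (how many signatures, which signature policies are acceptable for each, parallel versus embedded, required commitment types) can be modelled as a check over a set of already-verified signatures. This is an added example, not part of the thread or of any standard: the `Sig` and `Rule` model and the `policy:...` identifiers are hypothetical, and cryptographic verification of each signature is assumed to have been done elsewhere.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Sig:
    """Metadata of one signature that has already verified cryptographically."""
    sig_id: str
    role: str                           # e.g. "signer" or "witness"
    policy: str                         # signature policy it was made under
    commitment: str                     # commitment type it carries
    countersigns: Optional[str] = None  # sig_id it covers; None means parallel

@dataclass(frozen=True)
class Rule:
    """One requirement of the hypothetical document signature policy."""
    role: str
    min_count: int
    policies: frozenset                 # acceptable signature policies
    commitment: str                     # commitment type that must be present
    must_countersign: Optional[str] = None  # role to be covered; None = parallel

def check_document(rules, sigs):
    """Return the list of violations; an empty list means the set is acceptable."""
    by_id = {s.sig_id: s for s in sigs}
    errors = []
    for rule in rules:
        valid = 0
        for s in (x for x in sigs if x.role == rule.role):
            target = by_id.get(s.countersigns)
            if s.policy not in rule.policies:
                errors.append(f"{s.sig_id}: policy {s.policy} not acceptable")
            elif s.commitment != rule.commitment:
                errors.append(f"{s.sig_id}: commitment {s.commitment} not allowed")
            elif rule.must_countersign is None and s.countersigns is not None:
                errors.append(f"{s.sig_id}: must be a parallel signature")
            elif rule.must_countersign and (
                    target is None or target.role != rule.must_countersign):
                errors.append(f"{s.sig_id}: must countersign a {rule.must_countersign} signature")
            else:
                valid += 1
        if valid < rule.min_count:
            errors.append(f"{rule.role}: {valid} valid, {rule.min_count} required")
    return errors

# Constructed policy and signature sets (identifiers are placeholders).
POLICY = [
    Rule("signer", 1, frozenset({"policy:contract-signer"}), "proofOfOrigin"),
    Rule("witness", 1, frozenset({"policy:witness"}), "proofOfApproval", "signer"),
]
SIGNER = Sig("s1", "signer", "policy:contract-signer", "proofOfOrigin")
GOOD = [SIGNER, Sig("w1", "witness", "policy:witness", "proofOfApproval", "s1")]
BAD = [SIGNER, Sig("w1", "witness", "policy:witness", "proofOfApproval")]
```

`check_document(POLICY, GOOD)` returns no violations, while `BAD` is rejected because the witness signed in parallel instead of countersigning the signer's signature.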