Re: [pkix] Research question: Witnessing by digital signature
Jorge López <jlopez.ha@gmail.com> Fri, 11 June 2010 10:25 UTC
To: Liaquat Khan <liaquat.khan@ascertia.com>
Cc: denis.pinkas@bull.net, pkix <pkix@ietf.org>

Dear Liaquat,

(sorry if I have missed some information) I have skim read document D1.1 Part 3: Signature Policies, and it seems that the Project uses ETSI Signature Policies, and that the "binding" between the multiple signatures (when needed) is made in human-readable documents rather than by means of automated processes. Am I right?

Jorge.

2010/6/11 Liaquat Khan <liaquat.khan@ascertia.com>

> Note the large European project “PEPPOL” (Pan-European Public Procurement On-Line) considers multiple signature options as part of the Signature Policy. It seems a logical place to me.
>
> Regards
>
> LK
>
> *From:* pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] *On Behalf Of* Jorge López
> *Sent:* 11 June 2010 13:22
> *To:* Pope, Nick
> *Cc:* pkix; denis.pinkas@bull.net
> *Subject:* Re: [pkix] Research question: Witnessing by digital signature
>
> Mmm, not so sure about that. Current signature policy is already transaction/document oriented, as it establishes the requirements to be fulfilled for the generation and validation of the signature, but within the transaction scope. There are fields that specifically fix the business/transactional context. The necessity I mentioned is what happens when more than one signature is needed to complete the transaction.
>
> Well, you could do that at document/application level, but the cumbersome is guaranteed. An extended signature policy, like the one proposed in the aforementioned paper, can fill that gap in a seamless manner, and not an application-dependent one.
>
> Regards,
>
> Jorge.
>
> 2010/6/11 Pope, Nick <Nick.Pope@thales-esecurity.com>
>
> Denis,
>
> With PDFs this is handled by producing a document template with the layout including the placement of signatures. I think this is an issue for the document standards applying signatures, not for signature standards.
>
> Nick
>
> -----Original Message-----
> *From:* pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] *On Behalf Of* Denis Pinkas
> *Sent:* 11 June 2010 09:54
> *To:* Jorge López; swilson
> *Cc:* pkix
> *Subject:* Re: [pkix] Research question: Witnessing by digital signature
>
> Hi,
>
> You are right: there is no signature policy standard or technical document that helped to establish the dependences and relationships among several signatures.
>
> The current concept of "signature policy" applies to a single signature. If a document has multiple signatures, each one can be done under a different signature policy.
>
> So the "missing" concept is a "document signature policy" (not to be confused with a "signature policy") which would tell how many electronic signatures are needed, which signature policies are acceptable for each one, whether they need to be parallel or embedded, which commitment types must be present, etc.
>
> This combination of criteria could be important and all these verifications are currently left to the application.
>
> It is questionable whether this should be standardized now or left to the application.
>
> Denis
>
> ----- Message received -----
> *From:* Jorge López
> *To:* Stephen Wilson
> *Date:* 2010-06-11, 10:17:44
> *Subject:* Re: [pkix] Research question: Witnessing by digital signature
>
> Hi,
>
> Among other open issues, a technical one lies in the fact that currently there is no signature policy standard or technical document that helped to establish the dependences and relationships among several signatures to make them legally binding. It would be the scenario of a witness or notary, who must countersign a former signature to make the transaction effective. This limitation was pointed out by ETSI in a technical report published in 2003 [1]. To the best of my knowledge, little research has been done in this direction [2].
>
> Regards,
>
> [1] ETSI TR 102 045 - Electronic Signatures and Infrastructures (ESI); Signature policy for extended business model v1.1.1. European Telecommunications Standards Institute (ETSI), March 2003
>
> [2] Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas, Benjamin Ramos and Arturo Ribagorda. Extended Electronic Signature Policies. 2nd ACM International Conference on Security of Information and Networks (SIN 2009), pp. 268--277, ACM Press. North Cyprus. 2009.
>
> 2010/6/10 Stephen Wilson <swilson@lockstep.com.au>
>
> Has any work been done in PKIX or elsewhere on formal witnessing of digital signatures? And/or ... does anyone in the group know of real life instances where a digital signature is witnessed and attested to using another dig sig?
>
> Cheers,
>
> Stephen Wilson
> Managing Director
> Lockstep Group
>
> Phone +61 (0)414 488 851
>
> www.lockstep.com.au <http://www.lockstep.com.au>
> Lockstep Consulting provides independent specialist advice and analysis on digital identity and privacy. Lockstep Technologies develops unique new smart ID solutions that enhance privacy and prevent identity theft.
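
As an added illustration (not part of any message in this thread, and not an ETSI or PEPPOL format), the "document signature policy" described in the quoted discussion can be modelled as a list of required signature slots that an application checks. All class, field, policy and commitment names are hypothetical; each signature is assumed to have passed cryptographic validation already, and treating extra signatures as violations is a choice made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    """Metadata of one signature that already passed cryptographic validation."""
    sig_id: str
    policy: str                         # signature policy it was created under
    commitment: str                     # commitment type asserted by the signer
    countersigns: Optional[str] = None  # sig_id it is embedded over; None = parallel

@dataclass(frozen=True)
class Slot:
    """One signature the (hypothetical) document signature policy requires."""
    name: str
    policies: frozenset                 # signature policies acceptable for this slot
    commitment: str
    over: Optional[str] = None          # slot that must be countersigned; None = parallel

def check_document(slots, sigs):
    """Return a list of violations; an empty list means the document complies."""
    filled, used, problems = {}, set(), []
    for slot in slots:                  # a countersigned slot must be listed first
        target = filled.get(slot.over) if slot.over else None
        if slot.over and target is None:
            problems.append(f"{slot.name}: nothing to countersign in slot {slot.over}")
            continue
        match = next((s for s in sigs
                      if s.sig_id not in used
                      and s.policy in slot.policies
                      and s.commitment == slot.commitment
                      and s.countersigns == target), None)
        if match is None:
            problems.append(f"{slot.name}: no acceptable signature")
        else:
            filled[slot.name] = match.sig_id
            used.add(match.sig_id)
    problems += [f"{s.sig_id}: not required by the policy"
                 for s in sigs if s.sig_id not in used]
    return problems

# Constructed sample: a signer plus a witness who must countersign the signer.
POLICY = [Slot("signer", frozenset({"policy-A"}), "approval"),
          Slot("witness", frozenset({"policy-A", "policy-B"}), "witnessing", over="signer")]
GOOD = [Signature("s1", "policy-A", "approval"),
        Signature("s2", "policy-B", "witnessing", countersigns="s1")]
PARALLEL = [GOOD[0], Signature("s2", "policy-B", "witnessing")]  # witness not embedded
```

The `PARALLEL` case shows why per-signature validation is not enough: both signatures are individually acceptable, yet the witness signature is not bound to the signer's, so the document-level check rejects it.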