Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

<home_pw@msn.com> Thu, 11 January 2007 19:33 UTC

Message-ID: <BAY126-DAV135C98C0829F4744C4F3A992B10@phx.gbl>
From: home_pw@msn.com
To: Omirjan Batyrbaev <batyr@sympatico.ca>
References: <200701102032.VAA12262@uw1048.wdf.sap.corp> <001901c734f9$8dbbe1b0$d8ae5e41@pbo8f8e10aowa>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Date: Thu, 11 Jan 2007 11:33:01 -0800
Cc: tls@ietf.org

I've lost track of the URL, but somewhere on an 
MSN/Microsoft site it once had a click-signature mechanism. 
"Click the Agree button" to be legally bound to something, 
over the SSL channel. That is not particularly remarkable, 
of course. However, there was specific and remarkable legal 
blurb justifying this as an "electronic signature". I recall 
reading it, wide-eyed.

One can gauge the trustworthiness of that "https signature" 
based on classical evaluation analysis (a) was the https 
implementation/ciphersuite/CA good enough (b) was the HTML 
rendered in Microsoft's IE product (c) is the browser and OS 
assured to ensure nothing else on the PC could interfere 
with the rendering of the server's-page ...and its dynamic 
button and event generation/communication. Absent an NCSC 
evaluation report thereto, the only party that can argue one 
way or the other is of course the vendor - which just 
happened to be Microsoft of course.

So, I think this was an edge case, that only an MSN site can 
make this claim for a click signature, because it has 
complete control over the trusted technology being applied 
(being an arm of Microsoft, the product maker of IE, https, 
MSN Servers, etc). However, to be an electronic signature, 
there has to be a recordation act. Presumably, the MSN audit 
logs have the details of the ciphersuite used, the browser 
headers, and perhaps even the SSL session pdus for replay.

----- Original Message -----
From: "Omirjan Batyrbaev" <batyr@sympatico.ca>
To: <martin.rex@sap.com>; "Stefan Santesson" 
<stefans@microsoft.com>
Cc: <tls@ietf.org>
Sent: Wednesday, January 10, 2007 12:54 PM
Subject: Re: [TLS] Please discuss: 
draft-housley-evidence-extns-00<


> At least in US and at least one big b2b exchange said that
> they have a simple non-repudiation practice: they make
> customers (buyers and sellers) sign the agreement that
> stipulates that whatever is the record of a transaction
> in the exchange database that holds as the non-repudiable
> record. (the name withheld due to the NDA). So they have no
> need for even application level non-repudiation. So as
> Stefan pointed out the b2b simply uses http today.
 

