In <19981202220752F(_dot_)kazu(_at_)iijlab(_dot_)net>, on 12/02/98
at 10:07 PM, Kazu Yamamoto (山本和彦) <kazu(_at_)iijlab(_dot_)net>
said:
My experience says that the most difficult point is how to define
semantics of multiple signatures. (e.g. if verification of the first
signature succeeds and that of the second fails, how can we treat
this?)
Well this is going to depend on how the signatures are being used.
Example #1
We have a contract that 3 people need to sign off on. For the contract to be
valid all three signatures must be valid.
Example #2 **
We have a memo that is being circulated through the office. After each person
reads it they must sign off on it verifying that the memo has been read. In
this case a failure of one signature is a minor issue and can be resolved by
generating a new signature.
Example #3
A message posted to a public forum is signed with both the authors RSA key and
his DSA key to resolve compatibility issues between the various versions. The
validity of the message will depend on the capabilities of the verifiers
software (if one of the 2 signatures fail).
As you can see we no longer have the black and white scenario of pass/fail on
signature verification. I am not sure if we can really codify how to handle
partial failure of parallel signatures in the ID and it may be best to leave
this up to the application.
It should be noted that when I am discussing multiple signatures I am talking
about parallel signatures where all signatures are for the same block of data
(as opposed to encapsulated signatures where a signed document is then signed a
second time with the hash calculated over the data and first signature).
I will look over the 2 documents mentioned and get back to you on this.
** The inter-office memo becomes real interesting when you have the readers who
want to sign off on the memo but also add comments but still be left with a
single document in the end.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
---------------------------------------------------------------