
Re: Notary signatures

2002-04-25 17:05:31

On Thu, Apr 25, 2002 at 04:49:46PM -0700, Jon Callas wrote:
> On 4/25/2002 3:07 PM, "David Shaw" <dshaw(_at_)jabberwocky(_dot_)com> wrote:
>
> > RFC-1991 defined sigclass 0x40 as a timestamp, and went on to further
> > explain its intended use ("Type <40> is intended to be a signature of
> > a signature, as a notary seal on a signed document.")
> >
> > When RFC-2440 came out, this extra explanation seems to have been
> > lost, as 2440 defines 0x40 only as a timestamp.  A sigclass for a
> > signature on a signature would be very useful.  Any chance to restore
> > this clarification in the next draft?
>
> It wasn't so much that it was lost, but that it was actively removed.
>
> Only the document and certification signatures were ever implemented before
> 2440 came out. At one time, we removed all the definitions to simplify. Then
> they gradually crept back in. 0x40 became a timestamp because there were
> people who wanted to use it.
>
> I may be wrong on this, but would it be better to introduce a new type if
> you want to do notaries? Or do this with a notation?

As I see it, all signatures can have a timestamp, so really any of
them is usable for a timestamp signature.  I'm not sure how 0x40
differs here, as it doesn't seem clear what 0x40 is a signature on.
If it is on binary data, then we have a type for that already.  If it
is on textual data, we have a type for that as well.  We even have a
type for a standalone signature-on-nothing "token".

A notary signature does not have to be class 0x40, but since 0x40 was
intended for this in the past, and (as far as I can see) does not
serve a purpose that other signature types cannot already provide, why
not make it 0x40?


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
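
The observation in the message above, that every signature already carries a time whatever its sigclass, as an added example that is not part of the original post: Python that reads the sigclass and creation time from v3 and v4 signature packet bodies in the RFC 2440 layout. The function names and the two sample bodies are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Signature types named in the thread (values as in RFC 2440).
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document",
             0x02: "standalone", 0x40: "timestamp"}

def _subpackets(data):
    """Yield (type, body) for each v4 signature subpacket in data."""
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(data):
            raise ValueError("truncated subpacket")
        yield data[i] & 0x7F, data[i + 1:i + length]  # mask off the critical bit
        i += length

def _parse(body):
    if body[0] == 3:                         # v3: type and time are fixed fields
        if body[1] != 5:
            raise ValueError("v3 hashed-material length must be 5")
        sigclass, created = struct.unpack(">BI", body[2:7])
    elif body[0] == 4:                       # v4: time is hashed subpacket type 2
        sigclass, created = body[1], None
        (hashed_len,) = struct.unpack(">H", body[4:6])
        if len(body) < 6 + hashed_len:
            raise ValueError("truncated hashed subpacket area")
        for sp_type, sp_body in _subpackets(body[6:6 + hashed_len]):
            if sp_type == 2 and len(sp_body) == 4:
                (created,) = struct.unpack(">I", sp_body)
    else:
        raise ValueError("unsupported signature version")
    when = None if created is None else datetime.fromtimestamp(created, timezone.utc)
    return sigclass, SIG_TYPES.get(sigclass, "other"), when

def parse_signature(body):
    """Return (sigclass, type name, creation time) for a signature packet body."""
    try:
        return _parse(body)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated signature packet") from exc

# Constructed sample bodies (header fields only, no MPIs), same creation time.
T = struct.pack(">I", 1019779200)
V3_TIMESTAMP = bytes([3, 5, 0x40]) + T + bytes(8) + bytes([1, 2, 0, 0])
V4_BINARY = bytes([4, 0x00, 1, 2, 0, 6, 5, 2]) + T + bytes([0, 0, 0, 0])
```

Both sample bodies yield the same creation time; only the sigclass octet distinguishes the 0x40 signature from the binary-document one.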
