Re: [smime] [pkix] Research question: Witnessing by digital signature

2010-06-17 01:16:50
Matt McCutchen <matt(_at_)mattmccutchen(_dot_)net> writes:
On Thu, 2010-06-17 at 16:53 +1200, Peter Gutmann wrote:
How would one "witness" a digital signature?  To witness a physical signature
means that one has personal knowledge that the signer intentionally signed the
document.  Simply adding a digital signature to a document bearing someone
else's digital signature is not witnessing in this sense.

  "When I use a word it means just what I choose it to mean -- neither more
   nor less"
   -- Humpty Dumpty (and PKI).

And what is it chosen to mean?  Maybe I can propose a better term for the

I was commenting on the way PKI borrows standard, well-defined terms and uses
them in strange ways, "nonrepudiation" being another example (and,
incidentally, agreeing with your comment).  So perhaps "PKI-witness" can be
defined as:

  "A service designed to ensure PKI-nonrepudiation"

and then all you need to do is come up with a definition of PKI-nonrepudiation.

(My suggestion for the latter would be "A legal term misused for PKI in order
to give potential buyers of PKI products and services warm fuzzies").

