Matt McCutchen <matt(_at_)mattmccutchen(_dot_)net> writes:
On Thu, 2010-06-17 at 16:53 +1200, Peter Gutmann wrote:
How would one "witness" a digital signature? To witness a physical signature
means that one has personal knowledge that the signer intentionally signed
the document. Simply adding a digital signature to a document bearing someone
else's digital signature is not witnessing in this sense.
"When I use a word it means just what I choose it to mean -- neither more
nor less"
-- Humpty Dumpty (and PKI).
And what is it chosen to mean? Maybe I can propose a better term for the
concept.
I was commenting on the way PKI borrows standard, well-defined terms and uses
them in strange ways, "nonrepudiation" being another example (and,
incidentally, agreeing with your comment). So perhaps "PKI-witness" can be
defined as:
"A service designed to ensure PKI-nonrepudiation"
and then all you need to do is come up with a definition of PKI-nonrepudiation.
(My suggestion for the latter would be "A legal term misused for PKI in order
to give potential buyers of PKI products and services warm fuzzies").
Peter.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime