[Top] [All Lists]

Re: [smime] [pkix] Research question: Witnessing by digital signature

2010-06-23 10:30:46
yes, the signature standards talk about signatures irrelevant to other signatures that might be an essential part of a signature itself.

So far it's up to application developer to provide "signature tree template" that can control the signature creation flow.

cell: +370-699-26662

On 2010.06.23 14:20, Jorge López wrote:
I agree with you Stefan. I misued the words to express that. Just to clarify myself, in the context I'm referring to, signatures are an instrument of evidence regarding the authenticity of the document, understood authenticity as a means of identifying the signatory but also indicating the signatory's approval of the signed data.

But, sometimes, and in order to make some agreements and commitments made in a signed document binding, it is mandatory that more than one signature is present. As an example, imagine the case where some purchase order has to be authorised by the purchase manager. The order should not be enforced until such signature is present. IMO, currently there is no technical solution to fulfill that in a seamlessly and generalistic manner.



2010/6/23 Stefan Santesson <stefan(_at_)aaa-sec(_dot_)com <mailto:stefan(_at_)aaa-sec(_dot_)com>>

    A short note on this:

    On 10-06-11 10:17 AM, "Jorge López" <jlopez(_dot_)ha(_at_)gmail(_dot_)com
    <mailto:jlopez(_dot_)ha(_at_)gmail(_dot_)com>> wrote:
    > there is no signature policy standard or technical document that
    helped to
    > establish the dependences and relationships among several
    signatures to make
    > them legally binding

    It is not the signature that is legally binding, it is the AGREEMENT
    supported by that signature that is legally binding.

    In most cases that agreement is legally binding regardless of
    whether it is
    signed or not. The signature makes it easier to prove the
    existence of a
    legally binding agreement but it is not the component that makes the
    agreement legally binding.

    This small detail is often overlooked when we are designing technical


pkix mailing list

smime mailing list