yes, the signature standards talk about signatures irrelevant to other
signatures that might be an essential part of a signature itself.
So far it's up to application developer to provide "signature tree
template" that can control the signature creation flow.
On 2010.06.23 14:20, Jorge López wrote:
I agree with you Stefan. I misued the words to express that. Just to
clarify myself, in the context I'm referring to, signatures are an
instrument of evidence regarding the authenticity of the document,
understood authenticity as a means of identifying the signatory but
also indicating the signatory's approval of the signed data.
But, sometimes, and in order to make some agreements and commitments
made in a signed document binding, it is mandatory that more than one
signature is present. As an example, imagine the case where some
purchase order has to be authorised by the purchase manager. The order
should not be enforced until such signature is present. IMO, currently
there is no technical solution to fulfill that in a seamlessly and
2010/6/23 Stefan Santesson <stefan(_at_)aaa-sec(_dot_)com
A short note on this:
On 10-06-11 10:17 AM, "Jorge López" <jlopez(_dot_)ha(_at_)gmail(_dot_)com
> there is no signature policy standard or technical document that
> establish the dependences and relationships among several
signatures to make
> them legally binding
It is not the signature that is legally binding, it is the AGREEMENT
supported by that signature that is legally binding.
In most cases that agreement is legally binding regardless of
whether it is
signed or not. The signature makes it easier to prove the
existence of a
legally binding agreement but it is not the component that makes the
agreement legally binding.
This small detail is often overlooked when we are designing technical
pkix mailing list
smime mailing list