As usual, you ask a seemingly simple questions, and a whole bunch of not so
simple
issues pop up.
I think I like the Signed Attribute scheme that Steve Dusse mentioned, although
I haven't
looked at it.
I agree with Tom Casey that I don't want to try to codify or standardize on the
semantic
meaning of a digital signature in a particular context at this time -- I'll let
the EDI folks
handle that, at least for now. English is bad enough--imagine a contract
written in ASN-1,
by a lawyer who doesn't know what an algorithm is.! :)
I am also not so concerned about strict time stamping in this context--that is
a problem,
and although the technology is relatively simple, as Michael Baum will attest,
the legal
issues are not so simple. For instance, how do you get a machine to give a
deposition?
"Raise your right-hand mouse button and repeat after me, ..." But for now, I
just want a
simple, convenient way of assuring myself that the comments and changes that
are being
proposed reference the same draft that I think they do, without having to a
red-line
comparison.
As a matter of fact, as long as we are coming closer and closer to an
object-oriented
approach to this problme, I would like to be able to define a gestalt object
that consists
of text, graphics, sound, images, or whatever. The first time I send it to
someone, I
of course have to send the whole thing. But after that, I would like to simply
incorporate
the previous object by reference to its name (local? global? unique?) and its
digital
signature or at least its hash, assuming it was previously signed. There is no
point in
clogging the (virtual) ether by sending the same text back and forth all the
time.
Bob