[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Compound operation Verify & Sign
OK point taken. I still believe that there are use cases where a second signature depends on the validity of the first. Nick > -----Original Message----- > From: jmessing [mailto:jmessing@law-on-line.com] > Sent: 24 October 2003 15:06 > To: OASIS DSS TC; Nick Pope > Subject: Re: [dss] Compound operation Verify & Sign > > > A note of caution. A VerifyAndSign operation of a DSS server will > not meet notarization requirements as presently framed in common > law countries, particularly the US, because the server will only > be verifying the validity of a first signature and confirming > that it validates by affixing its own second signature. > > In a notarization, determination of an individual's identity as a > first matter is also required. This currently must be performed > by a notary, who also makes a second determination that the act > of signing was voluntary: i.e., the state of mind to an observer > of the signer when the signature was affixed was such that intent > to be bound by the signature can be presumed. Determinations > appropriately included would be whether there was duress, as by a > gun pointed to the head of the signer, or the signer was drunk, > or was babbling incoherently, such that the intent of the signer > was questionable. Without a radical change of law, this cannot be > replaced by a VerifyAndSign accomplished in the absence of a > human being acting as notary. For a number of reasons, it is > likely within the US that human notarizarions will continue to be > required for legal purposes notwithstanding the possibility of > computerized verify and sign operations . I would therefore > caution others not assume that a VerifyAndSign operation will > facilitate notarization techniques. To justify work on such a > method, I believe other potential uses should be identified first. > > ---------- Original Message ---------------------------------- > From: "Nick Pope" <pope@secstan.com> > Date: Fri, 24 Oct 2003 10:28:11 +0100 > > >Following the discussion on the <Status> element brings to mind the > >discussion we had a few meetings ago on compound (or what Ed > called stacked) > >operations and particularly the ability to support a > VerifyAndSign operation > >where a counter signature is applied based on whether the > original signature > >is valid. > > > >I believe that such an operation is important in a number of use > cases, for > >example, notarisation services. > > > >This was brought up at the F2F meeting and was included in the > requirements > >document (3.9). My recollection of the discussion on 22 Sept is that the > >only compound operation that was needed would be VerifyAndSign, > although I > >see no record of it in the minutes. > > > >How do we envisage VerifyAndSign being supported in the DSS protocol? Is > >there a way of combining the two request / response structures, or do we > >need to define a specific structure which is this combined operation? > > > >Nick > > > > > > > >To unsubscribe from this mailing list (and be removed from the > roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor > kgroup.php. > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]