[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Validity periods can be handled more explicitly



At 8:48 AM -0800 10/31/97, Carl Ellison wrote:
>	What does a signature mean?  Literally, it means that the keyholder
>applied
>his/her/its private key to the body of the signed thing.  That says nothing
>about the intention of the keyholder at the time, unless the intention is
>indicated somehow in the signed body.  The first example of this was when
>the body was a certificate -- and, as I said, we attacked that one.  We
>haven't addressed non-cert signed bodies yet.  Do we need to?

The (mostly) lawyers discussing digital signature issues on "Digital
Signature discussion <DIGSIG@VM.TEMPLE.EDU>" have identified some other
issues.  For example, has the software been hacked so the document
displayed for the user is not the same document that was signed.  (This
problem applies to smart card based signature systems as well as pure
software.)


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA



Follow-Ups: References: