-- Denis Pinkas -- said, on 27/10/2004 09:48:
Paul-André,
You said:
"We can probably have a short explanation in the foreword of the
document, stating that in this document the word "data" has to be
understood as the "electronic representation" of a "fact" (or
"event")."
This is fully correct and I support this.
Perfect.
However, thereafter you added:
"One specific case of such a "fact" is the submission or validation of
a document at a given date and time (optionally by a specific user),
one specific subcase being the validation of an X.509 certificate".
I wonder about this.
Someone (e.g. a notary) can testify hundreds of facts or events. There
are millions of such facts or events. So we should neither focus on
"submission or validation of a document at a given date and time" nor
on "validation of an X.509 certificate".
I never said that the group "should focus" on "validation of a
certificate" and I am sorry if my wording was so obscure that it could
be understood as such.
Nevertheless, I still maintain that the ability to obtain from a "Data
Certification Service" some form of "evidence", by means of a "data
cert" (dated and signed by the DCS authority), that one has indeed
verified at a given date and time that an X.509 certificate was checked
and validated is indeed one example of a "user's requirement" from such a
service.
Don't read that this should be the goal (main goal, unique goal) of
LTANS, just that it cannot be excluded and it makes sense in addition
to such services as OCSP. The "data cert" will "prove" for example that
the signature attached to a given document had been verified by a
specific user, at a given date (different from the signature date)
using a given "validation service". The actual role of the "Data
Certification Service" will not be to perform "itself" the validation
work but to certify that it has been done in the specific context (that
is the "fact" that is certified).
The same could be said about "document validation and submission": the role
of the DCS must be to deliver such a data cert and need not include
the actual performance of the validation itself. Exactly as a "notary"
could establish a certificate that one of its customers has deposited
some amount of money at a bank for a specific purpose, that the
banknotes had been validated (by the bank) and that this bank has
delivered a receipt. The "data cert" certifies a fact and comes in
addition to the bank receipt.
This being said, for the purpose of sharing the understanding, I agree
that mentioning "X.509 certs validation" too early in the document,
and as a purpose and not as an example, might be confusing, and I
certainly do not invite the group to mention this use case, even if I
still claim that it belongs to the myriad use cases relevant to
such a service.
regards,
-- PAP
Denis
-- Larry Masinter -- said, on 25/10/2004 18:28:
This new title will add even more
confusion with the PKIX working group.
I'm sorry about the confusion over the title. We had put off
working through the document, so there was some rush to get
a new version out.
I'm a little uneasy about "Data Validation and Certification"
because in many of the use cases, the thing being validated
or certified isn't so much "data" as it is an "event" -- an
oath was administered, an agreement was understood, etc.
On one hand, you are right: in many cases what will be certified will
not be a document but, as you say, a fact or an event; on the other
hand, we are dealing with information systems, and "facts" or "events"
will have to be represented, and it will be by some "data" (a
combination of what, when, by whom ...).
As far as my understanding of the English language is correct, "data",
being the more general word (even vague, which here is a clear advantage
over a more "accurate" or "connoted" term), is definitely the more
appropriate.
We can probably have a short explanation in the foreword of the
document, stating that in this document the word "data" has to be
understood as the "electronic representation" of a "fact" (or "event").
One specific case of such a "fact" is the submission or validation of a
document at a given date and time (optionally by a specific user), one
specific subcase being the validation of an X.509 certificate.
Another case being, for example, the receipt notification by a Long Term
Archive service, or the "approval" of a document at a given time by at
least 67% of the members of a given list of users.
Regards,
-- PAP
If we keep these use cases, can you think
of other alternatives?
Larry
--
Edelweb
Groupe ON-X Pôle Sécurité
paul-andre.pays@xxxxxxxxxx papays@xxxxxxxx
http://www.edelweb.fr/ http://www.on-x.com/
Tel. +33 1 40 99 14 14. Fax. +33 1 40 99 99 58 -- Address: 15, quai
de Dion Bouton - 92816 Puteaux cedex
To verify the electronic signature, http://edelpki.edelweb.fr/
lets you obtain the authority's certificate and the CRL.