Re: SV: Online Certificate Revocation Protocol

[Denis Pinkas <Denis.Pinkas@xxxxxxxx>]

Bob,

(..)

> I really wasn't addressing the legal and/or technical requirements 
> for timestamping for certain  documents.  I think we all understand 
> what could and perhaps should be done, assuming the
> circumstances warrant it.

> Technically I agree with you -- it would be nice to be able to 
> confirm the validity of a certificate 15 years after the fact. 

I disagree with you. The right sentence should be:
"It would be nice to be able to confirm the validity of an 
*electronic signature * 15 years after the fact."

> But from a legal or business perspective, I would claim that is 
> pretty close to nonsense -- you simply aren't likely to get into 
> a dispute about whether a contract was signed properly 15 years 
> after the fact. 

It does make sense because someone will do an initial verification soon
after the signature has been generated and then the data captured at that
time will be re-used again to verify the signature later on.

Since the European Directive makes an electronic signature, *made under some
technical conditions*, equivalent to an handwritten signature, it is
necessary to be able to verify *again* such a signature as long as an
equivalent handwritten signature on the same type of transaction/document
can be verified. 

Denis

(remaining of the text deleted)