[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Please discuss: draft-housley-evidence-extns-00

To: mark@xxxxxxxxxxxxxxxxxxxx (Mark Brown)
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00
From: Martin Rex <martin.rex@xxxxxxx>
Date: Thu, 4 Jan 2007 14:25:54 +0100 (MET)
Cc: tls@xxxxxxxx
In-reply-to: <002401c72f6f$5269f6e0$6801a8c0@xxxxxxxxx> from "Mark Brown" at Jan 3, 7 01:42:37 pm
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Reply-to: martin.rex@xxxxxxx

Mark Brown wrote:
> 
> Here's an example to motivate why someone might want an un-forgeable record.
> Say you're buying tickets to a popular concert/movie/etc. online (i.e.,
> limited inventory situation).  In this case you (buyer) might care even more
> about getting a ticket than its price.  So when you show up at the venue you
> want your electronic tickets / records of sale sustain a fair verification
> effort that they are not forgeries.  You do not want the venue manager to
> say, "Sorry, we don't have records of this transaction..."

There is a real-world example of how to make correct use of digital
signatures as a legal proof.  Unfortunately the entire description
is in German, so not everyone will understand what this is about:

http://faq.1und1.de/access/neu/vertrags_und_rechnungsfragen_/3.html

This is about a German Internet Service Provider that offers to
send Email-based (instead of paper-based) invoices to business
customers and they offer a discount for using that service
(because printing and Snail mailing generates more cost that
 the purely digital approach).

Now the issue is, that in order for a business to get VAT refund
from the IRS, a business either needs to turn in a paper-based
invoice or alternatively a digital invoice with a qualified digital
signature that conforms to the German digital signature law.

So the approach taken by that Internet Service Provider is to
send the invoice as a digitally signed PDF using a qualified
digital signature, and they tell you on their Website (URL above)
how to actually verify that qualified digital signature.

"Evidence" at the raw network level for such a purpose is
such a horribly stupid idea.  I don't understand why we are
wasting any time talking about it.

-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- RE: [TLS] Please discuss: draft-housley-evidence-extns-00
  - From: Mark Brown

Prev by Date: [TLS] Writing Help with draft-williams-on-channel-binding
Next by Date: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Previous by thread: RE: [TLS] Please discuss: draft-housley-evidence-extns-00
Next by thread: [TLS] Counter structure
Index(es):
- Date
- Thread