[whatwg] Browser Signature Standards Proposal
Anders Rundgren
anders.rundgren at telia.com
Thu Nov 2 00:27:33 PST 2006
Digital signatures are, as you say, just a variation of authentication. The things
that the DS people want to add are:
- A "process" that differs from authentication from the user's point of view
- A persistent trace of the authenticated operation. This is what the signature
adds to the picture. HTTPS with client-side certificates has no connection
to content data since it occurs at the transport level. Digital signatures are
created at the application-level in the schemes that Channy and I talk about.
But it is a fact that strong authentication is an alternative to digital signatures
but some of us are trying to change that, not only for legal reasons but for
making a difference between "login" and "accept".
Anders
----- Original Message -----
From: "Alexey Feldgendler" <alexey at feldgendler.ru>
To: <whatwg at lists.whatwg.org>
Sent: Wednesday, November 01, 2006 09:29
Subject: Re: [whatwg] Browser Signature Standards Proposal
On Wed, 01 Nov 2006 14:22:15 +0600, Channy Yun <channy at gmail.com> wrote:
>> What benefit does this provide over simply using HTTPS with a client-side
>> certificate?
> Using HTTPS with a client-side certificate doesn't support digital
> signature. The digital signature is the same as the signing or stamp of
> contract in real world. Many governments encourage to add digital
> signature to transactional data (form data). It legally assures data
> and transactions signed (added digital signature) by user's
> certificates.
The purpose of a digital signature is to certify that the data submitted by the client were not forged by an attacker. HTTPS with a
client-side certificate ensures the same.
--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com