[whatwg] Browser Signature Standards Proposal

Anders Rundgren anders.rundgren at telia.com
Thu Nov 2 00:27:33 PST 2006


Digital signatures are, as you say, just a variation of authentication.  The things
that the DS people want to add are:

- A "process" that differs from authentication from the user's point of view
- A persistent trace of the authenticated operation.  This is what the signature
  adds to the picture.  HTTPS with client-side certificates has no connection
  to content data since it occurs at the transport level.  Digital signatures are
  created at the application-level in the schemes that Channy and I talk about.

But it is a fact that strong authentication is an alternative to digital signatures
but some of us are trying to change that, not only for legal reasons but for
making a difference between "login" and "accept".

Anders

----- Original Message -----
From: "Alexey Feldgendler" <alexey at feldgendler.ru>
To: <whatwg at lists.whatwg.org>
Sent: Wednesday, November 01, 2006 09:29
Subject: Re: [whatwg] Browser Signature Standards Proposal


On Wed, 01 Nov 2006 14:22:15 +0600, Channy Yun <channy at gmail.com> wrote:

>> What benefit does this provide over simply using HTTPS with a client-side
>> certificate?

> Using HTTPS with a client-side certificate doesn't support digital
> signatures. The digital signature is the same as the signing or stamping
> of a contract in the real world. Many governments encourage adding a digital
> signature to transactional data (form data). It legally assures data
> and transactions signed (digital signature added) by the user's
> certificates.

The purpose of a digital signature is to certify that the data submitted by the client were not forged by an attacker. HTTPS with a client-side certificate ensures the same.


--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
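
The distinction discussed in this thread (a signature created at the application level leaves a persistent record tied to the content, while client-certificate authentication happens at the transport level), as an added example that is not part of any poster's message. It uses Node.js with Ed25519; the field names, the canonicalization scheme and the sample values are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Canonicalize form fields so signer and verifier process identical bytes.
// Sorted key/value pairs serialized as JSON: a simple scheme assumed here.
function canonicalize(form) {
  const pairs = Object.keys(form).sort().map((k) => [k, String(form[k])]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// Client side: the user "accepts" by signing the submitted content itself.
function signForm(form, privateKey) {
  const sig = crypto.sign(null, canonicalize(form), privateKey);
  return { form, signature: sig.toString('base64') };
}

// Server, or an auditor long after the session ended: check the stored
// receipt against the signer's public key. No live connection is needed.
function verifyReceipt(receipt, publicKey) {
  return crypto.verify(
    null,
    canonicalize(receipt.form),
    publicKey,
    Buffer.from(receipt.signature, 'base64')
  );
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  // Constructed sample form data.
  const form = { action: 'transfer', amount: '100.00', to: 'ACME-0001' };

  const receipt = signForm(form, privateKey);
  // Simulate persisting the receipt and reloading it later.
  const stored = JSON.parse(JSON.stringify(receipt));
  const okLater = verifyReceipt(stored, publicKey);

  // Any change to the stored content invalidates the signature.
  const altered = { ...stored, form: { ...stored.form, amount: '9100.00' } };
  const okAltered = verifyReceipt(altered, publicKey);

  return { okLater, okAltered };
}

console.log(demo());
```

With transport-level client authentication alone, the application would hold only the form values and the authenticated identity, with nothing comparable to `signature` to store alongside them.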




