Re: Web signing?

2008-11-22 Thread Ian G
Nelson B Bolyard wrote: The paper I signed stated that the packages had been inspected and found to be in good order, and released him and his employer from all liability for damage to them. That signature on that paper ultimately cost my employer about $6k (a lot of $$ in 1978), IIRC, and I lea

Re: Web signing?

2008-11-21 Thread Anders Rundgren
What *user* could need is a copy of what was requested to be signed but that is useless unless the request is also signed since a user can fabricate whatever data he/she wants and sign it. But seriously (as Graham Leggett wrote), the real use-case needs a receipt (hotel booking, patent filing, purc

Re: Web signing?

2008-11-21 Thread Nelson B Bolyard
Ian G wrote, On 2008-11-20 16:24: > Hi Nelson, welcome to this fun debate :) Thanks. :) > Nelson B Bolyard wrote: >> It seems to me that ANY prudent person would ask that question >> when asked to sign anything. > > Maybe they do; as you and I agree, many people do not. That includes > many b

Re: Web signing?

2008-11-21 Thread Ian G
Graham Leggett wrote: Ian G wrote: I'm saying this is a business problem, and not a security problem. Look at the business of signing, and you will see that the problems are solved in general. E.g., when signing something, there are two copies, one given to each party. If you try and tur

Re: Web signing?

2008-11-21 Thread Anders Rundgren
Ian G wrote: >That wasn't my question. Here's my question again: How do you show any >person afterwards that the person signed it? >I mean: how does Alice look tomorrow in this system to see what she >signed? Next year? How does Bob look next year to see what Alice >signed? How does Trent,

Re: Web signing?

2008-11-20 Thread Graham Leggett
Ian G wrote: That wasn't my question. Here's my question again: How do you show any person afterwards that the person signed it? I mean: how does Alice look tomorrow in this system to see what she signed? Next year? How does Bob look next year to see what Alice signed? How does Trent, s

Re: Web signing?

2008-11-20 Thread Ian G
Hi Nelson, welcome to this fun debate :) Nelson B Bolyard wrote: Ian G wrote, On 2008-11-20 07:53: Graham Leggett wrote: Having designed a system that includes "web signing" using crypto.signtext() for an insurance company to handle claim approvals, I can tell you that the primar

Re: Web signing?

2008-11-20 Thread Nelson B Bolyard
Ian G wrote, On 2008-11-20 06:04 PST: > Nelson Bolyard wrote: > Um. So these tools organise a signature from a client cert over the > text in the form text box, and then post the signature up to the server? Well, I can only speak for what Mozilla browsers do. They generate a "document" that co

Re: Web signing?

2008-11-20 Thread Nelson B Bolyard
Ian G wrote, On 2008-11-20 07:53: > Graham Leggett wrote: >> Having designed a system that includes "web signing" using >> crypto.signtext() for an insurance company to handle claim approvals, I >> can tell you that the primary question of the business people wh

Slamming Web signing

2008-11-20 Thread Anders Rundgren
software. (They have >a lab where each and every version of the software is installed for >testing by assessors.) As you say, there is no solution to the problems you just described so why would I or anybody else spend time on that? >Also when signing a contract by hand I usually g

Re: Web signing?

2008-11-20 Thread Michael Ströder
Ian G wrote: This requires a client-certificate HTTPS connection to the webserver to make it happen? No, this can happen over an insecure http connection. The connection between the browser and server has nothing to do with the crypto.signtext() function. Typically, you would probably want

Re: Web signing?

2008-11-20 Thread Ian G
Graham Leggett wrote: Ian G wrote: Um. So these tools organise a signature from a client cert over the text in the form text box, and then post the signature up to the server? The crypto.signtext() function is given a text string, and the browser UI pops up a dialog box that invites the use

Re: Web signing?

2008-11-20 Thread Graham Leggett
Ian G wrote: OK, that's interesting but equally worrying that the business people were asking that question, above all others. If so, this would suggest to me that your business people had spent too long in the fluffy "do what lawyers say" world, and had forgotten they had a business to run?

Re: Web signing?

2008-11-20 Thread Ian G
h an agreement to sign, you just blindly click on the "accept" button trusting that the agreement that was never read contained nothing harmful to you in any way. Seems like we've all spent some fluffy time :) Having designed a system that includes "web signing" using

Re: Web signing?

2008-11-20 Thread Graham Leggett
Ian G wrote: Um. So these tools organise a signature from a client cert over the text in the form text box, and then post the signature up to the server? The crypto.signtext() function is given a text string, and the browser UI pops up a dialog box that invites the user to read the text, and

Re: Web signing?

2008-11-20 Thread Michael Ströder
Ian G wrote: Nelson Bolyard wrote: Eddy Nigg wrote: On 11/19/2008 05:52 PM, Anders Rundgren: In the meantime, wouldn't it be of some value if Mozilla tried to satisfy a PKI-related activity that in number of users, already is much bigger than S/MIME, i.e. the concept of "Web Signi

Re: Web signing?

2008-11-20 Thread Michael Ströder
Nelson Bolyard wrote: Eddy Nigg wrote: On 11/19/2008 05:52 PM, Anders Rundgren: In the meantime, wouldn't it be of some value if Mozilla tried to satisfy a PKI-related activity that in number of users, already is much bigger than S/MIME, i.e. the concept of "Web Signing"

Re: Web signing?

2008-11-20 Thread Michael Ströder
have a lab where each and every version of the software is installed for testing by assessors.) Also when signing a contract by hand I usually get a physical copy of it which I can archive. That's not the case when doing web-signing. That's another important flaw of that scheme. Ciao, Mi

Re: Web signing?

2008-11-20 Thread Ian G
Nelson Bolyard wrote: Eddy Nigg wrote: On 11/19/2008 05:52 PM, Anders Rundgren: In the meantime, wouldn't it be of some value if Mozilla tried to satisfy a PKI-related activity that in number of users, already is much bigger than S/MIME, i.e. the concept of "Web Signing"

Re: Web signing?

2008-11-20 Thread Graham Leggett
you have spent too long in the fluffy "who cares" world where when presented with an agreement to sign, you just blindly click on the "accept" button trusting that the agreement that was never read contained nothing harmful to you in any way. Having designed a system that incl

Re: Web signing?

2008-11-20 Thread Anders Rundgren
-and-mortar shops is ultimately the most important application for the suggested scheme. Since this list doesn't really work with payments, I won't bore you to death with how this is supposed to work, but it does! Anders If you really want to test Web Signing you can try this proxy setup htt

Web signing?

2008-11-19 Thread Nelson Bolyard
Eddy Nigg wrote: > On 11/19/2008 05:52 PM, Anders Rundgren: >> In the meantime, wouldn't it be of some value if Mozilla tried to >> satisfy a PKI- >> related activity that in number of users, already is much bigger than >> S/MIME, >> i.e. the concept of "

Web Signing. Re: Slamming S/MIME. Re: How-to guide for email encryption

2008-11-19 Thread Anders Rundgren
Collective posting to save list-space. Aka "green" posting :-) Eddy Nigg wrote: >> i.e. the concept of "Web Signing"? >What is this supposed to be? Perhaps I missed it? Ian G wrote: >What is "Web Signing?" >And, what are the requirements? As I w