[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-x] RE: DSS-X: action #0041
Nick, I certainly agree in that certain scenarios would require all these three features present in a <dss:VerifyResponse>, namely: 1. Containers for including report on each signature found (the <SignatureVerificationReport> in my submisssion or the like) 2. Details on the data (certificates, crls, ocsp responses, timestamps, etc) used by the server during the verification process. 3. That the server actually signs the <dss:VerifyResponse> itself with its own private key so that the <dss:VerifyResponse> may be presented in the future as a kind of trusted ticket in case of litigation, for instance. In our last conf call we initially agreed in defining a profile including features 1 and 2 and defining several conformance levels so that implementers could develop servers providing 1, 2 or 1 and 2, for instance. And this because these two features are strongly related. The question is whether feature 3 is so strongly related to 1 and 2 as to also incorporate this feature to the profile or it deserves a different profile that servers could implement as other profiles and by doing so, providing the three aforementioned features.... Do you think that it is worth to define the three features in the same profile? Juan Carlos. Pope, Nick escribió: > Juan Carlos, > > I have a feeling that may have similar aims in mind in providing a record of > the verification of one or more signatures from a sever, that may be both > used for verification. > > However, I have not had the time to look into this in detail so you may be > right that they are original. > > Nick > > >> -----Original Message----- >> From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu] >> Sent: 19 November 2007 17:43 >> To: 'Nick Pope'; dss-x; Juan Carlos Cruellas >> Subject: DSS-X: action #0041 >> >> Nick, >> >> At the last conf call I mentioned the message sent to the list on >> merging the "*Signed Verification Response profile" with "multiple >> signature verification report". >> >> *You may find my message at: >> http://www.oasis-open.org/apps/org/workgroup/dss- >> x/email/archives/200711/msg00032.html >> >> At the last conf call, however, it was suggested to make a profile >> managing at the same time: >> >> 1. Capability for returning one report on the verification of each >> signature (my initial proposal). >> 2. Capability for making that the report contains an extensive list of >> details on the verification process (ie, certificates checked, OCSP >> responses, et, etc) (based on the schema that Detlef circulated some >> time ago). >> >> BUT having multiple conformance levels. >> >> My feeling is that the profile for allowing the verification servers to >> give back a signed VerifyResponse is ortogonal to the aforementioned >> profile. >> What is your view? >> >> Thank you >> >> Regards >> >> Juan Carlos. >> >> * >> >> * >> > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]