

Subject: Re: AW: [dss-x] Groups - Requirements for multi-signature comprehensive reports profile (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signature-verification-report_v0.1.doc) uploaded


Dear Detlef,
I apologize for not reacting to your email before: I have been the 
whole week out of Barcelona attending the ETSI security workshop and 
other meetings (well, I am still out of Barcelona...)....

Thank you very much for your message...please see below intermixed.

In general terms, I think that as you mention, there are some issues 
that we may comment at our next Monday call....

Regards

Juan Carlos.
Huehnlein, Detlef wrote:
> Hello Juan Carlos,
> 
> I will briefly provide some feedback concerning your 
> comments in the uploaded document below:
> 
>> OS1: The mention to "legal validity" could open all kind of discussions on what is required to attest this legal 
>> validity. Taking into account that this may vary from one place to the other I would suppress the mention to legal 
>> validity.  Could we find some alternative wording?
> 
> You are right, that the requirements for "legal validity" vary from
> one country to another and hence we should not discuss this topic in
> detail. Nevertheless the full individual verification report should be 
> designed in a way, which covers all (known) requirements or at least 
> is extensible such that it may comprise all necessary information to reach 
> this goal. Furthermore I would not be surprised, if it would turn out 
> that considering the European (and especially German) requirements 
> would probably lead to a report, which may fulfill the requirements
> of other countries as well. 
> 
I fully agree with you that the goal would be designing the protocol in 
a way that it provides anything that may be required in some previously 
known scenario and leaves the spec open to further extensions if new 
requirements are made by others.... The reason why I am a bit reluctant 
to use the term "legal validity" is that I see these as technical 
specifications for satisfying technical requirements. Very likely after 
some time legal guys may produce laws that require to make usage of our 
technical specs. My experience is that even lawyers tend to be very 
cautious when speaking of "legal validity" of something.... I would 
propose an alternative wording stating two points:

1. certain domains require (inforce regulations) that the answer of the 
verification server not only gives a valid or invalid answer but a more 
detailed report of what it did to actually consider the signature valid.

2. That this profile aims at giving satisfaction to a number of 
domains' needs by providing an extensive verification report with details 
of the verification process.

>> OS2: I would use signed properties.... To differentiate from the signed data objects, 
>> ie the data objects signed by the signature to be verified.
> 
> What I meant here is that it should be possible to verify the signed objects
> (certificates, time stamps, CRLs, OCSP-responses), even if they do NOT appear
> as signed property (within some signature) but as standalone object. But we may 
> further discuss this requirement.
>  
I see your point....I think that in XAdES the term 
"validation (or verification, I do not remember) data" is used, i.e., data that 
are used to verify the signature. Could we use that type of terminology 
here?

>> OS3: Are you still talking of signed properties
> No. I really meant signed objects (i.e. any object, which happens to be signed).
> 
Ah....then for me this is one good reason for using different terms when 
referring to an OCSP and to the actually signed objects (by the 
signature to be verified)

>> OS4: As above, use signed property
> We should probably briefly discuss this point in the next telco.

Yes, sure....we comment this.

> 
>> OS6: I think that here we are overlapping with other profile. Could it be possible 
>> to leave this out of the scope, but cross reference this other profile  and take a 
>> look to what is going on in the signature policy profile?
> 
> Yes, we can reduce this requirement to a simple reference to the other profile.

Maybe we could make an explicit reference to the other profile....
> 
>> OS7: Again, here we are overlapping with another purported profile: the one that allows 
>> to request verification and return of a signed response (but you made a good point, maybe 
>> is required not only signed but signed and time-stamped responses). I would delete it or 
>> just cross reference the relationship with this other profile.
> 
> Yes, again, we can reduce this requirement to a simple reference to the other profile.
> 
As above...

> BR,
>   Detlef
>> -----Original Message-----
>> From: cruellas@ac.upc.edu [mailto:cruellas@ac.upc.edu] 
>> Sent: Friday, 4 January 2008 11:11
>> To: dss-x@lists.oasis-open.org
>> Subject: [dss-x] Groups - Requirements for multi-signature 
>> comprehensive reports profile 
>> (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signa
>> ture-verification-report_v0.1.doc) uploaded
>>
>> Dear all, please find at the URL the initial version of the 
>> requirements document for the multi-signature comprehensive 
>> report profile. Please, take into account that this is just 
>> an initial version, containing revision marks and comments 
>> that have to be further discussed.
>>
>>  -- Juan Cruellas
>>
>> The document named Requirements for multi-signature 
>> comprehensive reports profile
>> (2007-12-12-Proposal_oasis-dss-profile-for-comprehensive-signa
>> ture-verification-report_v0.1.doc)
>> has been submitted by Juan Cruellas to the OASIS Digital 
>> Signature Services eXtended (DSS-X) TC document repository.
>>
>> Document Description:
>>
>>
>> View Document Details:
>> http://www.oasis-open.org/apps/org/workgroup/dss-x/document.ph
>> p?document_id=26710
>>
>> Download Document:  
>> http://www.oasis-open.org/apps/org/workgroup/dss-x/download.ph
>> p/26710/2007-12-12-Proposal_oasis-dss-profile-for-comprehensiv
>> e-signature-verification-report_v0.1.doc
>>
>>
>> PLEASE NOTE:  If the above links do not work for you, your 
>> email application may be breaking the link into two pieces.  
>> You may be able to copy and paste the entire link address 
>> into the address field of your web browser.
>>
>> -OASIS Open Administration
>>


