
dss message



Subject: RE: [dss] client-side hashing


This may already be covered by the Non-XML data signing use case
http://www.infomosaic.net/DSS-UseCases.htm#NonXMLData. Basically the
service simply treats the input, which in this case is the ds:SignedInfo
element, as an arbitrary bit stream and returns its signature back to
the requester. The requester can then put it in the ds:SignatureValue
element and complete the signed XML preparation. The only issue to be
considered would be if the value returned by the DSS service is little
endian or big endian.

Regards,

Manoj Srivastava
President & CEO
Infomosaic Corporation
2118 Walsh Avenue, Suite 200
Santa Clara, CA 95050
Voice: (408) 988-4337
Fax:   (408) 516-9427
http://www.infomosaic.net


-----Original Message-----
From: Trevor Perrin [mailto:trevp@trevp.net] 
Sent: Sunday, February 02, 2003 9:09 PM
To: dss@lists.oasis-open.org
Subject: [dss] client-side hashing



Greetings,

I'd like to propose that a client may compute the hash on some document
himself, then request the service to sign/verify this hash.  This would be
more efficient than submitting the whole document.

It would also keep the document's contents hidden from the service.  This
might be a disadvantage in use cases like Carlisle's "Corporate Seal",
where the corporation would like to keep a record of what it has
signed.  It might be an advantage in Carlisle's "Identified Requester"
case, where the service is simply a private-key-holder for the client, and
the less the client has to trust it the better.

To sign, a client could send a ds:SignedInfo and receive back a
ds:Signature.  To verify, the client would perform reference validation
himself, then forward the ds:Signature to the service for signature
validation.


Trevor
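
Added example, not part of either message above: a sketch of the exchange the thread describes, with the client hashing the document and the service signing only the ds:SignedInfo octets. Assumptions: HMAC-SHA256 stands in for the service's private-key signature so the block runs on the Python standard library alone, and the key, function names, URI and sample document are all constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

DS = "http://www.w3.org/2000/09/xmldsig#"
SERVICE_KEY = b"constructed-demo-key"  # assumption: known only to the mock service

def _digest(document: bytes) -> str:
    return base64.b64encode(hashlib.sha256(document).digest()).decode()

def build_signed_info(document: bytes, uri: str) -> bytes:
    """Client: hash locally; only these canonical octets leave the client."""
    xml = (
        f'<ds:SignedInfo xmlns:ds="{DS}">'
        '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2010/xml-c14n2"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>'
        f'<ds:Reference URI={quoteattr(uri)}>'
        '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        f'<ds:DigestValue>{_digest(document)}</ds:DigestValue>'
        '</ds:Reference></ds:SignedInfo>'
    )
    return ET.canonicalize(xml).encode()  # C14N 2.0 from the standard library

def service_sign(signed_info: bytes) -> str:
    """Service: signs an opaque bit stream; returns base64 for ds:SignatureValue."""
    mac = hmac.new(SERVICE_KEY, signed_info, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def service_verify(signed_info: bytes, signature_value: str) -> bool:
    """Service: signature validation only; it cannot check the references."""
    return hmac.compare_digest(service_sign(signed_info).encode(), signature_value.encode())

def client_verify(document: bytes, signed_info: bytes, signature_value: str) -> bool:
    """Client: reference validation first, then forward for signature validation."""
    claimed = ET.fromstring(signed_info).findtext(f"{{{DS}}}Reference/{{{DS}}}DigestValue")
    if claimed is None or not hmac.compare_digest(claimed.encode(), _digest(document).encode()):
        return False
    return service_verify(signed_info, signature_value)

if __name__ == "__main__":
    doc = b"constructed sample document"
    si = build_signed_info(doc, "urn:example:doc-1")
    sig = service_sign(si)
    print(client_verify(doc, si, sig), client_verify(doc + b"!", si, sig))
```

The service signs whatever ds:SignedInfo it is handed, which is the record-keeping trade-off raised for the "Corporate Seal" case.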

