OASIS Mailing List Archives

 



dss message



Subject: Re: [dss] client-side hashing


> The best way I can think of to support this, then, would be to have the
> client send a list of ds:References, and a selector for what type of
> signature he wants (CMS, XML DSIG, etc.).

This brings to mind an interesting security issue.

I understand the needs for sending the hash (privacy, performance, etc);
we did this at my previous company.  But a third-party signing service,
or an internal cost-center service, might be concerned about signing
something that it didn't actually see.  (I don't think "send the hash"
has similar security issues for verification.)

So I think we need to at least mention the implications of providing
this.
        /r$


