Subject: Re: [dss] client-side hashing
> The best way I can think of to support this, then, would be to have the
> client send a list of ds:References, and a selector for what type of
> signature he wants (CMS, XML DSIG, etc.).

This brings to mind an interesting security issue. I understand the needs for sending the hash (privacy, performance, etc.); we did this at my previous company. But a third-party signing service, or an internal cost-center service, might be concerned about signing something that it didn't actually see. (I don't think "send the hash" has similar security issues for verification.)

So I think we need to at least mention the implications of providing this.

/r$