[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on Requirements Draft
Trevor; Just a few responses below. > >Question 2: Personally I see no need to support a request > time as well as > >a signing time. Unless someone can come up with a use case > that would > >support it, I would suggest that we only support signing time. > > I think on the call we talked about "asynchronous" protocol > runs, where the > client sends a request (maybe in email or something), then a > human reviews > it, and then several hours later the request is approved and a signed > document is returned. > > In that case signing time and request time could be substantially > different. Do we want to support that case? Even if we support an asynchronous protocol, its not clear to me that the request time adds anything. What is a relying party going to do with it? >Question 4: I would personally be comfortable with just > supporting the > >direct delivery method. > > So would Gregor. But we still want indirect delivery for the > to-be-signed > data? I would think so. > >In Section 3.7.4 it would probably also be useful for the > server to return > >the time in the past that it used to verify the signature if > it was not > >simply verified at the current time. > > So we need two timestamps/marks, in that case? - one for when the > verification was performed, one for what time the server was > verifying at? I think that is correct. Robert.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]