Subject: RE: [dss] Groups - dss-requirements-1.0-draft-03.doc uploaded
Liebe Gruesse/Regards,
Gregor Karlinger
-----Original Message-----
From: Nick Pope [mailto:pope@secstan.com]
Sent: Tuesday, April 08, 2003 3:33 PM
To: Krishna Yellepeddy; dss@lists.oasis-open.org
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-03.doc uploaded

If the CRLs / OCSP, relevant to the time that the signature was created, are already held by the client then it should be possible for these to be used. It may be that the validation server does not have access to this historical information.

Whether or not the client is trusted to provide this information is an issue for the policy for validation.

-----Original Message-----
From: Krishna Yellepeddy [mailto:kyellepe@us.ibm.com]
Sent: 08 April 2003 00:58
To: dss@lists.oasis-open.org
Subject: Re: [dss] Groups - dss-requirements-1.0-draft-03.doc uploaded
Section 3.6.2 of draft-03 states:
- Explicit key and validation info submitted by client ( Certificates, CRLs, OCSP response)
Allowing the client to provide CRLs and OCSP responses which then get used by the server in the verification of a signature hurts the quality of the verification being done. It also opens the door for claims that had the client not provided incorrect information, the server could have verified the signature better. Why would we want the client to provide this information? Moreover, the client may not have the capabilities to obtain and provide this information. I realize it increases the burden on the server to obtain this information directly, but it improves the quality of the verification to make the server obtain this information directly.
Regards,
Krishna