[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] EPM postmark
At 02:02 PM 7/1/2003 +0100, Nick Pope wrote: >Content-Transfer-Encoding: 7bit > >Juan Carlos & Trevor, > >Whilst I have no problem with defining the services in a way so that they >can be decoupled, it should also be possible to provide a single integrated >service that provides all the user needs in a single request. Significant >cost savings and efficiencies are achievable with such an integrated >service. I agree - you'd want to be able to add validation data to a signature, and get a time-stamp covering that, in a single request/response. I just think it would be better to add validation data in a conventional way as OCSP responses or CRLs or whatever, then time-stamp that whole bundle, instead of just adding a time-stamp and having that function as both a time-stamp *and* a statement of validity. But if EPM wants to do it that way that's there prerogative, and you could make arguments in favor of that approach. So I guess our concern is just making sure the protocol supports either way. I guess we would do this in DSS by requesting a signature verification, with the 3.6.2 option "Whether information used in verification should be returned" enabled? Depending on the type of service, it might add validation data and then timestamp, or timestamp as a way of asserting validity, or just add validation data, in which case the client could then call another service to get a time-stamp. In other words, it seems EPM Verify translates to DSS Verify, with the EPM "ApplyPostmark" option translating to the DSS "Whether information used in verification should be returned" switch. Does that seem right? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]