[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Individual reports for verification response
Does this information provide an attacker much information for analysis in a series of requests and meaningful responses? I guess this depends on the environment, but could be noted as a risk, depending on the detail of the reply. regards, Frederick Frederick Hirsch Nokia Mobile Phones > -----Original Message----- > From: ext Trevor Perrin [mailto:trevp@trevp.net] > Sent: Friday, June 20, 2003 1:44 PM > To: Juan Carlos Cruellas; dss@lists.oasis-open.org > Subject: Re: [dss] Individual reports for verification response > > > At 01:16 PM 6/20/2003 +0200, Juan Carlos Cruellas wrote: > > >Trevor, > > > >What about something like: > >"The server should be able to issue individual reports on each > >token it has verified (certificates, signatures, etc) when > the verification > >fails." > > When it fails, do you want: > - a report only on the thing that failed (this certificate > was revoked) > - also reports on the things that were good (this certificate was > revoked, these were good, these weren't checked yet) > > > You may leave a Technical Committee at any time by visiting > http://www.oasis-open.org/apps/org/workgroup/dss/members/leave > _workgroup.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]