RE: [dss] Individual reports for verification response

["Nick Pope" <pope@secstan.com>]

My experience is the more information provided on which cert fails and why,
the easier it is to get a system up and running.

The security of the system depends on the keys, not that the correct
certificates are used.

Nick

> -----Original Message-----
> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
> Sent: 03 July 2003 16:03
> To: trevp@trevp.net; cruellas@ac.upc.es; dss@lists.oasis-open.org
> Subject: RE: [dss] Individual reports for verification response
>
>
> Does this information provide an attacker much information for
> analysis in a series of
> requests and meaningful responses? I guess this depends on the
> environment, but could be noted
> as a risk, depending on the detail of the reply.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia Mobile Phones
>
>
>
>
> > -----Original Message-----
> > From: ext Trevor Perrin [mailto:trevp@trevp.net]
> > Sent: Friday, June 20, 2003 1:44 PM
> > To: Juan Carlos Cruellas; dss@lists.oasis-open.org
> > Subject: Re: [dss] Individual reports for verification response
> >
> >
> > At 01:16 PM 6/20/2003 +0200, Juan Carlos Cruellas wrote:
> >
> > >Trevor,
> > >
> > >What about something like:
> > >"The server should be able to issue individual reports on each
> > >token it has verified (certificates, signatures, etc) when
> > the verification
> > >fails."
> >
> > When it fails, do you want:
> >   - a report only on the thing that failed (this certificate
> > was revoked)
> >   - also reports on the things that were good (this certificate was
> > revoked, these were good, these weren't checked yet)
> >
> >
> > You may leave a Technical Committee at any time by visiting
> > http://www.oasis-open.org/apps/org/workgroup/dss/members/leave
> > _workgroup.php
> >
> >
>
> You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php