[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Individual reports for verification response
Hi Frederick, I remenber your worries were the first thought that came to my mind. But the security of signatures shouldn't rely on obscurity. And fortunately it doesn't ! Dtmo the transparency how a signature gets verified is much more useful for the broad adoption of signatures than the risk of informing an attacker. Greetings Andreas Kuehne Frederick.Hirsch@nokia.com wrote: > Does this information provide an attacker much information for analysis in a series of > requests and meaningful responses? I guess this depends on the environment, but could be noted > as a risk, depending on the detail of the reply. > > regards, Frederick > > Frederick Hirsch > Nokia Mobile Phones > > > > > >>-----Original Message----- >>From: ext Trevor Perrin [mailto:trevp@trevp.net] >>Sent: Friday, June 20, 2003 1:44 PM >>To: Juan Carlos Cruellas; dss@lists.oasis-open.org >>Subject: Re: [dss] Individual reports for verification response >> >> >>At 01:16 PM 6/20/2003 +0200, Juan Carlos Cruellas wrote: >> >> >>>Trevor, >>> >>>What about something like: >>>"The server should be able to issue individual reports on each >>>token it has verified (certificates, signatures, etc) when >>> >>the verification >> >>>fails." >>> >>When it fails, do you want: >> - a report only on the thing that failed (this certificate >>was revoked) >> - also reports on the things that were good (this certificate was >>revoked, these were good, these weren't checked yet) >> >> >>You may leave a Technical Committee at any time by visiting >>http://www.oasis-open.org/apps/org/workgroup/dss/members/leave >>_workgroup.php >> >> >> > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]