RE: [dss] JPMorgan/RSA message

["Nick Pope" <pope@secstan.com>]

> In the example, Ke was the public key.
>

Thanks Trevor.  I missed that.   So the Signature Gateway has the private
key?

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 18 October 2004 08:15
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] JPMorgan/RSA message
>
>
> At 08:24 PM 10/17/2004 +0100, Nick Pope wrote:
> >Glen,
> >
> >Your input are very useful in bringing in a fresh perspective on
> what we are
> >doing in DSS.
> >
> >Firstly, can I check that I have a proper understanding of the
> operation of
> >the PSTP protocol.  Is the private key used to protect the symmetric keys
> >(referred to as Ke) loaded up to the client system within the Applet /
> >Active X code, or loaded separately into the client system by some other
> >means?
>
> In the example, Ke was the public key.
>
>
> >Secondly, I like the idea of the Signature Gateway profile.  I
> can see this
> >have a wide number of uses, taking a signature, adding information on its
> >validity and applying a second signature.
>
> Yeah, this is another example of Verify-then-Sign (use Verify protocol,
> with the <ReturnUpdatedSignature> option).
>
>
> >Do I understand the proposed operation of the Secure Gateway is
> an in-line
> >message service.  Would this be using SOAP or similar protocol?  The DSS
> >currently operates on a request / response with the response
> going back to
> >the original client.
>
> Yeah, we need to drill into this more (where exactly DSS fits in
> an inline
> Signature Gateway).
>
>
> Trevor
>
>
>
> To unsubscribe from this mailing list (and be removed from the
> roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor
> kgroup.php.
>
>
>