[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] JPMorgan/RSA message
At 10:53 AM 10/18/2004 -0400, Glenn.Benson@chase.com wrote: >Yes, Trevor is correct. n PSTP, the Signature Gateway holds the private >keying material of the asymmetric pair. The client authenticates him or >herself with the OTP. > >The <ReturnUpdatedSignature> field is interesting; however, its semantics >may be a bit too narrow: "Alternatively, the output may contain an entirely >new signature on the same input documents as the input signature". While >these semantics are useful, other alternatives may also be applicable. For >example, we could potentially permit the output to contain a signature of >the client's signature. The semantics for <ReturnUpdatedSignature> are meant to be undefined so that profiles can have it mean whatever they want. The previous sentence to the one you cite says "The <UpdatedSignature> optional output may contain the original signature with some additional unsigned signature properties added to it", which allows for counter-signing of the original signature, as you mention. However, that entire paragraph should be prefaced with "For example, ", which I'll add in next draft. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]