OASIS Mailing List Archives

dss message



Subject: Small Clarifications on DSS Spec WD-34


Hi All,

     Some small ones ...

- section 2.4.2 line 327 The server MUST use the <Schema> referred to by
<SchemaRefs> for validation if specified.

  This sentence should be clarified to state that the validation is solely
to resolve ID attribute references that may be contained in the input. It is
therefore only mandatory (i.e. MUST) in that context. 347 should also be
clarified to reflect this point as well. It is nicely worded on line 451 in
section 2.5. Also section 2.8.6 line 648 should also be clarified.

- section 2.4.2 331

  Must a caller use EscapedXML if their input contains PIs and Comments? Or
can they use EscapedXML or even Base64XML? I am assuming these other element
types are also a valid way to pass up PIs and Comments. Please clarify.

- section 2.4.2 line 345

  The beginning of the sentence up to the comma "The MimeType attribute is
not required for XML signatures, ..." should be removed. The Base64Data
element should never contain XML signatures. They would go in Base64XML,
EscapedXML, or InlineXML. 

- section 2.8.2 Line 615 is not clear as it pertains to and inter-relates
with section 6.3. Role of each vis-a-vis "The server MUST ..." should be
clarified.

- section 3.1 SignRequest. It should be clarified how a caller passes up a
signature to be timestamped. Apparently SignatureObject as input on a Sign
was rejected early on. This should be clarified.

- section 3.5.2 line 880 Change "as a property or attribute of the resultant
signature." to "as a property or attribute of the resultant signature
(VerifyRequest) or the supplied signature (SignRequest)."

- section 3.5.6.2 CMS Enveloping Signatures, Variant Optional Input
<IncludeObject>

  All attributes of IncludeObject are XML-specific, not sure that
IncludeObject should even be valid for CMS signature creation. If it is
valid, this section is very unclear of the relation with InputDocuments.

- section 4.3 does not cover the scenario where an InputDocument contains
the ds:Signature to be verified. This should be added. Section 4.3.1
Multi-Signature Verification refers to this possibility but it should be
reflected in Basic Processing.

- section 4.5 line 1366 should specify what implementations are obliged to
do with respect to backward compatibility with PKCS7.

- section 4.5 is silent on verification of CMS/PKCS7 signatures with
embedded timestamps. It is also silent on verification of standalone
CMS/PKCS7 timestamps which are by definition enveloping signatures. It is
also silent on the implementation's obligations with respect to the
verification of signature timestamps which are cryptographically bound to
signatures. I think we have an outstanding/postponed Action Item on this.

That is.

Cheers,
Ed  



  



