OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: [dss-comment] Public Comment

I propose the following in response to the public comment on  <dss:TstInfo>
and RFC 3161:

Inma,

Thank you for raising this question on the DSS timestamp and RFC 3161.

As you noted the <dss:TstInfo> element was based upon the RFC 3161 stucture.
Some elements of the RFC 3161 fields were not included as the functionality
is covered elsewhere in the DSS protocol:

1) The nonce is optional in RFC 3161.  Its use allows the client to
prevent replay attacks.   DSS is designed to be used over a security binding
which prevents replay.  The serial number already provides for unqiueness.

2) Message imprint is not included as it is in the XML DSig <ds:reference>
and this allowing greater flexibility in the object being timestamped.

3) The version is identified through the XML Namespace.

4) The <dss:Timestamp> element is extensible by adding additional elements
within the <ds:object> element within the <ds:signature> forming the
<dss:timestamp>

5) <ErrorBound> is equivalent to Accuracy

Nick Pope
co-chair OASIS DSS



-----Original Message-----
From: comment-form@oasis-open.org [mailto:comment-form@oasis-open.org]
Sent: 12 January 2006 12:22
To: dss-comment@lists.oasis-open.org
Subject: [dss-comment] Public Comment


Comment from: inma@dif.um.es

Name: Inma Marín

Title: IT Consultant

Organization: University of Murcia

Regarding Specification: DSS Core Committee Draft 3 (DSS Core Elements)



As far as <dss:TstInfo> element is concerned (within <dss:Timestamp> element
which contains an XML Timestamp Token) and, after comparing it with TSTInfo
element in RFC 3161, I noticed that <dss:TstInfo> does not include some
elements that are contained in RFC 3161 TSTInfo, such as, "nonce" and
"extensions". I wonder why these differences exist regarding RFC 3161. Could
you be so kind as to tell me why the structure of a <dss:TstInfo> is
different from RFC3161 TSTInfo, please?



Is it a mistake or an oversight? I can not understand why they are not
incoporated to <dss:TstInfo>. Thank you very much in advance.



Inma.

---------------------------------------------------------------------
To unsubscribe, e-mail: dss-comment-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: dss-comment-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]