Comments for section 3.5.2:
- Schema Definition: I remember that in the editorial telco we’ve
agreed to use the <UpdateSignatureInstructionType>, so this
definition should be changed.
- Line 1066: In both scenarios?.
If so, make it clear.
- Line 1068, 1092 and
1104: Why
only in scenario b?. A timestamp should be added
independently from the verification result. For me, don’t verify in
any case.
- Lines 1074 and 1077: There’s no <dss:timestamp> element.
- XML Timestamps on XML
Signatures:
- What about enveloped signatures in
scenario a… we cannot return them inside the signature object.
- Does the scenario b support enveloped
signatures?. (Not explicitly denied)
- RFC3161 Timestamp on
XML signature:
- What do we timestamp?.
The placement is explained but I can’t find any details about what
to timestamp (former ones do include this).
- Enveloped signature concerns in point 5
also apply.
Best Regards,
Carlos
Carlos Gonzalez-Cadenas
Chief Security Officer
Diagonal 188-198 Planta 2
08018 Barcelona
tel: 902 303 393
fax: 902 303 394
gonzalezcarlos@netfocus.es
www.netfocus.es