[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Comment
Comment from: firstname.lastname@example.org Name: Inma Marín Title: IT Consultant Organization: University of Murcia Regarding Specification: DSS Core Committee Draft 4 (DSS Core Elements) I would like to point out two aspects: 1. Regarding optional input <AddTimestamp>, in section 184.108.40.206 "Processing form XML signatures time-stamping" it is said that "... the timestamp token created by the server shall be a <ds:Signature>". However, most of the TSAs create RFC3161 timestamp tokens, so I think it is recommended to take it into account and allow to embed a RFC3161 timestamp token into a XML Signature. 2. As far as verification of enveloping CMS signatures is concerned, section 4.5 says: "2. [...]if the CMS signature is enveloping, it contains its own input data and there MUST NOT be any input documents presents". On the contrary, there are situations where we need to supply the original signed document in order to check if the signed document (included in the CMS signature) matches the document which was intended to be signed (original document). If it is not possible to include the original document as an input document in the VerifyRequest, maybe the service should return (in the VerifyResponse) the signed document within the cms signature, so the client can accomplish the matching (signed document against original document) by himself. I would like to know your expert opinion about this topics. Thank you very much in advance. Regards, Inma.