[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-x-comment] One comment and one question
Hi Juan Carlos,
1. I would like to pass you a comment received to the ETSI TS 119 442 draft that was put in public domain for getting comments of stakeholders. Despite the fact the comment was raised for this document, I think that it actually is a comment for DSS-X core v2.0. The comment was as follows:here we try to be in line with the definitions made in RFC 7519 and to use the given abbreviations and to define short descriptor in the way that it's common in the JSON world. We had no intention to be 'creative' but to align with given use. Hmm, due to my understanding the Manifest is not an element of DSS but of XMLDSig. If a given XML signature includes a reference (in a Manifest or elsewhere) the verification server should be able verify it. From the DSS point of view I would not limit the set of verifiable signatures to those with references to local documents. A server may reject to follow a given reference due to security reasons (e.g. amplification attacks). But that's beyond the scope of DSS. Greetings, Andreas
-- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]