OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-x] RE: DSS-X: action #0041


I certainly agree in that certain scenarios would require all these 
three features present in a <dss:VerifyResponse>, namely:

1. Containers for including report on each signature found (the 
<SignatureVerificationReport> in my submisssion or the like)

2. Details on the data (certificates, crls, ocsp responses, timestamps, 
etc) used by the server during the verification process.

3. That the server actually signs the <dss:VerifyResponse> itself with 
its own private key so that the <dss:VerifyResponse> may be presented in 
the future as a kind of trusted ticket in case of litigation, for instance.

In our last conf call we initially agreed in defining a profile 
including features 1 and 2 and defining several conformance levels so 
that implementers could develop servers providing 1, 2 or 1 and 2, for 
instance. And this because these two features are strongly related.

The question is whether feature 3 is so strongly related to 1 and 2 as 
to also incorporate this feature to the profile or it deserves a 
different profile that servers could implement as other profiles and by 
doing so, providing the three aforementioned features....

Do you think that it is worth to define the three features in the same 

Juan Carlos.

Pope, Nick escribió:
> Juan Carlos,
> I have a feeling that may have similar aims in mind in providing a record of
> the verification of one or more signatures from a sever, that may be both
> used for verification.
> However, I have not had the time to look into this in detail so you may be
> right that they are original.
> Nick
>> -----Original Message-----
>> From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu]
>> Sent: 19 November 2007 17:43
>> To: 'Nick Pope'; dss-x; Juan Carlos Cruellas
>> Subject: DSS-X: action #0041
>> Nick,
>> At the last conf call I mentioned the message sent to the list on
>> merging the  "*Signed Verification Response profile" with "multiple
>> signature verification report".
>> *You may find my message at:
>> http://www.oasis-open.org/apps/org/workgroup/dss-
>> x/email/archives/200711/msg00032.html
>> At the last conf call, however, it was suggested to make a profile
>> managing at the same time:
>> 1. Capability for returning one report on the verification of each
>> signature (my initial proposal).
>> 2. Capability for making that the report contains an extensive list of
>> details on the verification process (ie, certificates checked, OCSP
>> responses, et, etc) (based on the schema that Detlef circulated some
>> time ago).
>> BUT having multiple conformance levels.
>> My feeling is that the profile for allowing the verification servers to
>> give back a signed VerifyResponse is ortogonal to the aforementioned
>> profile.
>> What is your view?
>> Thank you
>> Regards
>> Juan Carlos.
>> *
>> *
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]