
dss-x message



Subject: RE: AW: [dss-x] A question to the forum



Dear Detlef and Andreas,

 

Thanks for your comments.

 

I was only referring to the operation where a document or data buffer (or xml structure) is fully given to the signing server.

(I am not talking about a given hash option where the digest algorithm is specified.)

 

I only wanted to make sure that the current specification does not cover this configuration and, if needed, it can be an extension (as Detlef mentioned).

 

In my opinion, it is something that clients would like to have some control over, and not have only in the control of the server, and naturally I think it should be defined in the standard.

 

Thanks,

Ezer

 

-----Original Message-----
From: Andreas Kuehne [mailto:kuehne@trustable.de]
Sent: Monday, February 07, 2011 12:28 PM
To: detlef.huehnlein@ecsec.de; Ezer Farhi
Cc: dss-x@lists.oasis-open.org
Subject: Re: AW: [dss-x] A question to the forum

 

Hmm, I would recommend to just leave it to the server ...
There may be tricky cross dependencies if you provide a ready-made digest with a different algorithm. What if this is different from the one denoted to be used?
And what should the digest algorithm apply for? For the document hashing or the signature internal hash?
Should it be a hint or an advice? What type of error should be returned in case of an incompatibility?

Greetings

Andreas

----- Original Message --------

Subject: AW: [dss-x] A question to the forum
Sent: Mon, 07 Feb 2011
From: Dr. Detlef Hühnlein <detlef.huehnlein@ecsec.de>

Hello Ezer,

 

In my point of view the explicit specification of the hash algorithm to be used for the signature generation is very similar to the explicit selection of a specific key (and hence implicitly signature algorithm + hash algorithm), if there are multiple options available. Therefore I would propose to use the KeySelector-structure (section 3.5.4 of the Core) and simply define structures, which may appear in the Other-element.

 

What do you think about this approach?

 

BR,

Detlef

 

 

From: Ezer Farhi [mailto:Ezer@arx.com]
Sent: Sunday, 6 February 2011 11:03
To: dss-x@lists.oasis-open.org
Subject: [dss-x] A question to the forum

 

Hi,

 

I went over the DSS-core and could not find a way to direct the server to use a certain hash mechanism when performing a CMS signature or XML signature on a given document.
(When a hash is given it is possible to use the DigestMethod or the relevant given hash).

Did anyone bump into such a request?

 

Thanks,

Ezer

 



--- End of original message ----


