the standard case would be to omit this element and just leave it to
the server to choose the hash algorithm, signature algorithm and key on
a specific token.
However there may be situations in which the client wants to specify
the desired set of algorithms (or even token/keys etc.). If an explicit
key is specified, there should be an error if there is no such key. If
an algorithm is requested, which is not supported, the server may
select a different depending on its policy.
Von: Andreas Kuehne [mailto:email@example.com]
Gesendet: Montag, 7. Februar 2011 11:28
An: firstname.lastname@example.org; Ezer@arx.com
Betreff: Re: AW: [dss-x] A question to the forum
Hmm, I would recommend to just leave it to the server ...
There may be tricky cross dependencies if you provide ready-made digest with a different algorithm. Whta if this is different from the one denoted to be used ?
And what should the digest algorithm apply for ? For the document hashing or the signature internal hash ?
Should it be a hint or an advice ? What type of error should be returned in case of an incompatibility ?
----- original Nachricht --------
Betreff: AW: [dss-x] A question to the forum
Gesendet: Mo, 07. Feb 2011
Von: Dr. Detlef Hühnlein
in my point of view the explicit specification of the hash algorithm to
be used for the signature generation is very similar to the explicit selection of
a specific key (and hence implicitely signature algorithm + hash algorithm),
if there are multiple options available. Therefore I would propose to use the
KeySelector-structure (section 3.5.4 of the Core) and simply define structures,
which may appear in the Other-element.
What do think about this approach?
Von: Ezer Farhi [mailto:Ezer@arx.com]
Gesendet: Sonntag, 6. Februar 2011 11:03
Betreff: [dss-x] A question to the forum
I went over the DSS-core and could not find a way to direct the server to use a certain hash mechanism when performing a CMS signature or XML signature on a given document.
(When a hash is given it is possible to use the DigestMethod or the relevant given hash).
Did anyone bump into such a request?
--- original Nachricht Ende ----