[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-x] Question regarding our good old DSS test vectors
Hi Juan Carlos, > El 25/02/13 16:51, Andreas Kuehne escribió: >> This 'detached and well known' mode makes it difficult to verify the >> signature. So I would propose to modify the SR-X-DET-* test cases to >> refer to a public document. Some test cases with an embedded document in >> different encoding styles would be dropped, but this part is still under >> test in the SR-X-ENV-* section. > Agreed. May I also suggest that the public document is actually a > publicly accessible document? yes, of course ;-) Should we try to provide a public test document at OASIS? They change their website structure any now and then ... I'll take a look what XMLDSig implenetations do in their test suites ... > >> >> For the same reason I would like suppress cryptographic verification of >> detached CMS signatures. > OK, agreed. >> 2. >> I guess this is the same problem as under 1. . Refer to an addressable >> document or drop verification of the test case ... >> > I would say that this makes that the initially envisaged set of test > cases that deal with the <SignaturePlacement> breaks in two subsets: > 1. In the first one, the signatures are enveloped. > 2. In the second one, the signature is placed within the document > passed to the server, BUT actually signs only a part of the document, > so that the signature is not actually enveloped by the signed data, > but it is a detached signature from the signed data object which > occurs to be also part of the document where the signature is placed. > In this case, the document, the signed data object, the RefUri and the > rest of input parameters to the server should carefully be selected.... > Yes, the first one is easy and already covered. The second one needs a new test vector. Currently I'm struggling with our own DSS implementation due to some bugs and many misinterpretations of the spec. Coming back to the core document after all these years I find it hard understand how to build a request for a specific purpose. E.g. if you just want to create a detached XML signature you have to read all through the document to learn that 'detached' is selected by neither requesting enveloped nor enveloping. I'll try to wrap up some sample requests into a 'Quickstart' document ... Greetings, Andreas -- Andreas Kühne phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]