Subject: Regarding DSS Extension for Local Signature Computation ...
Hi Ernst,

I have two major points that I would like to discuss regarding the 'Local Sig Comp' profile. But first of all I strongly support the creation of the profile. We implemented such a functionality in our signing server many years ago.

From an architectural viewpoint I would prefer to decompose the
'Local Sig Comp' use case into a signature creation request, a
local signing service and a registration/delegation mechanism that
enables the local signing service to register with the remote
server. The local signing service itself should be a minimized DSS
instance, capable of processing PKCS1 requests only. So I would
propose a 'PKCS1-only server profile' and a POAS (or webSocket)
binding to accomplish the same as you outlined in the 'Local Sig
Comp' profile. But with more versatile and reusable parts. On the
other hand it's not self-explanatory how to combine these generic
blocks into a running system. So your profile is required to
outline the way of combining the other profiles/bindings and to
care about the security and regulatory aspects.

Greetings,
Andreas

--
Andreas Kühne
phone: +49 177 293 24 97
mailto: kuehne@trustable.de
Trustable Ltd.
Niederlassung Deutschland
Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868
Directors Andreas Kühne, Heiko Veit
Company UK Company No: 5218868
Registered in England and Wales