Subject: [dss] client-side hashing
Greetings,

I'd like to propose that a client may compute the hash on some document himself, then request the service to sign/verify this hash. This would be more efficient than submitting the whole document. It would also keep the document's contents hidden from the service.

This might be a disadvantage in use cases like Carlisle's "Corporate Seal", where the corporation would like to keep a record of what it has signed. It might be an advantage in Carlisle's "Identified Requester" case, where the service is simply a private-key-holder for the client, and the less the client has to trust it the better.

To sign, a client could send a ds:SignedInfo and receive back a ds:Signature. To verify, the client would perform reference validation himself, then forward the ds:Signature to the service for signature validation.

Trevor
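The client-side half of the exchange proposed in this message, as an added example that is not part of the original post or of any DSS specification text: the client hashes the document locally, builds the ds:SignedInfo it would send for signing, and performs reference validation itself before any signature check. It assumes SHA-256, a single detached reference with no transforms, and a placeholder reference URI; the signing service itself is not modelled.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
ET.register_namespace("ds", DS)


def digest_b64(document: bytes) -> str:
    """Base64 SHA-256 digest of the raw document bytes (no transforms assumed)."""
    return base64.b64encode(hashlib.sha256(document).digest()).decode("ascii")


def build_signed_info(document: bytes, uri: str) -> ET.Element:
    """Client side: hash locally; only this element would be sent to the service."""
    si = ET.Element(f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=SIG_ALG)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=uri)
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=DIGEST_ALG)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest_b64(document)
    return si


def validate_reference(signed_info: ET.Element, document: bytes) -> bool:
    """Client side: reference validation, done before the service checks the signature."""
    ref = signed_info.find(f"{{{DS}}}Reference")
    if ref is None:
        return False
    method = ref.find(f"{{{DS}}}DigestMethod")
    value = ref.findtext(f"{{{DS}}}DigestValue")
    if method is None or method.get("Algorithm") != DIGEST_ALG or not value:
        return False  # refuse digest algorithms this client does not implement
    expected = digest_b64(document).encode("ascii")
    return hmac.compare_digest(value.strip().encode("utf-8"), expected)


DOCUMENT = b"Purchase order 1001: 40 units"  # constructed sample input
signed_info = build_signed_info(DOCUMENT, "urn:example:po-1001")  # placeholder URI
request_body = ET.tostring(signed_info)  # the only bytes the service would see
```

The service sees the digest and algorithm identifiers but never the document bytes, which is the confidentiality property the message describes; it also means the service cannot keep a record of what was signed.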