Subject: RE: [dss] client-side hashing
Pieter,

> -----Original Message-----
> From: Pieter Kasselman [mailto:pkasselman@baltimore.com]
> Sent: Thursday, February 06, 2003 4:34 AM
> To: Kaliski, Burt; 'Trevor Perrin'; dss@lists.oasis-open.org
> Subject: RE: [dss] client-side hashing
>
> Hi Burt, when you mention key selection protocol, does that mean:
>
> a) A method for selecting the client key to be used by the DSS server?
> b) A method for selecting the DSS server public key?
>
> In the case of (a) I am not sure if we need a key selection protocol (at
> least for a first version of the DSS server). The choice of a specific key
> can be indicated through the choice of a specific policy. If the end user
> has multiple keys and identities he may select between them by indicating
> different policies.

I think that key selection by the client is an important use case to be considered. A signature service should also allow several different clients to have their documents signed with different keys.

However, I do not think that there is a need for a key selection protocol. Key selection could be as simple as letting the client provide a key identifier in the signature service request.

/Gregor Karlinger

> In the case of (b) that can possibly be included as part of a general query
> on the capabilities of the DSS server. For instance the client can send a
> getCapabilities request and receive a list of capabilities, including a list
> of DSS public keys. The response can be signed by one of the keys (or all of
> them). The client will need to be capable of verifying the signatures
> (implying some kind of trust point). We could also rely on some underlying
> protocol to provide this information instead of explicitly including it in
> the DSS protocol.
>
> Regarding blind signatures it would be interesting to know how widely they
> are used and what the market demand is for them. If there is little demand
> I am not sure that we should spend too much energy specifying a very flexible
> protocol just to allow for something that is rarely used (the 20-80 rule).
>
> Cheers
>
> Pieter
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>