Subject: RE: [dss] client-side hashing


Pieter,

> -----Original Message-----
> From: Pieter Kasselman [mailto:pkasselman@baltimore.com]
> Sent: Thursday, February 06, 2003 4:34 AM
> To: Kaliski, Burt; 'Trevor Perrin'; dss@lists.oasis-open.org
> Subject: RE: [dss] client-side hashing
> 
> 
> Hi Burt, when you mention key selection protocol, does that mean:
> 
> a) A method for selecting the client key to be used by the DSS server?
> b) A method for selecting the DSS server public key?
> 
> In the case of (a) I am not sure if we need a key selection protocol (at
> least for a first version of the DSS server). The choice of a specific key
> can be indicated through the choice of a specific policy. If the end user
> has multiple keys and identities he may select between them by indicating
> different policies.

I think that key selection by the client is an important use case to
be considered. A signature service should also allow several 
different clients to have their documents signed with different
keys.

However, I do not think that there is a need for a key selection
protocol. Key selection could be as simple as letting the client
provide a key identifier in the signature service request.

/Gregor Karlinger

> 
> In the case of (b) that can possibly be included as part of a general query
> on the capabilities of the DSS server. For instance the client can send a
> getCapabilities request and receive a list of capabilities, including a list
> of DSS public keys. The response can be signed by one of the keys (or all of
> them). The client will need to be capable of verifying the signatures
> (implying some kind of trust point). We could also rely on some underlying
> protocol to provide this information instead of explicitly including it in
> the DSS protocol.
> 
> Regarding blind signatures it would be interesting to know how widely they
> are used and what the market demand is for them. If there is little demand
> I am not sure that we should spend too much energy specifying a very flexible
> protocol just to allow for something that is rarely used (the 20-80 rule).
> 
> Cheers
> 
> Pieter
> 
