

Subject: Re: [dss] Individual reports for verification response


Hi,

I agree that adding individual reports even if the
verification succeeds could be convenient...
Concerning the issue that Trevor points out, whether to
leave them as human-readable or machine-readable, well,
certainly the latter would imply more work, but there are
pieces of work already done out there dealing with similar
issues, and we can use them, and besides that, as the
answers will be XML documents, easy XSLT transformations could
be defined to translate them to a human-readable form....
So I think that we could initially try to define a machine-processable
format....

Juan Carlos.
At 12:33 24/06/2003 -0700, Trevor Perrin wrote:
>At 08:56 AM 6/24/2003 +0200, Andreas Kuehne wrote:
>>Hi All,
>>
>>>>What about something like:
>>>>"The server should be able to issue individual reports on each
>>>>token it has verified (certificates, signatures, etc) when the
>>>>verification fails."
>>>
>>>When it fails, do you want:
>>>  - a report only on the thing that failed (this certificate was revoked)
>>>  - also reports on the things that were good (this certificate was 
>>> revoked, these were good, these weren't checked yet)
>>
>>would it cause any problems if we have an option to get a full report when 
>>the verification evaluates to 'true', too ?
>>
>>I'm suffering from the low acceptance of digital signatures in 'real 
>>life'. It would be more persuasive for a doubting user to have a notion of 
>>all the work ( digesting, CRL Checks, OCSP calls ... ) that was done on 
>>behalf of his verification request. If you implement a report for the 
>>failure case, you don't have to implement another for the success case.
>
>3.7.5 has the idea of actually returning the verification info that was 
>used, or references to it (CRL Checks, OCSP responses), and we were going 
>to add a switch in 3.6.2, I think, to request this info.  Would that take 
>care of this as well?
>
>Probably not.  It sounds like you want more a list of what the server did 
>(first digested, then verified signature against key, then validated cert 
>path, then checked CRLs for certs in path, etc.).  If we just want this to 
>be human-readable, then we could let the server put whatever it wants in 
>it.  If we wanted it to be machine-readable we'd have to standardize how 
>each "event" is represented, and that might be a bit of work.  Though I 
>guess if we're going to make a list of all the things that might fail, it's 
>not hard to also list all the things that might succeed.
>
>Trevor 
>
>
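
Added example, not part of the original messages or of any DSS specification text: a sketch of the machine-processable per-check report discussed in this thread, with a "failed-only" and a "full" detail level and a plain-text rendering derived from the XML (Python stands in here for the XSLT step). The element names, attribute names, status values and sample outcomes are all hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the checks named in the thread, with made-up outcomes.
STEPS = [
    ("digest", "document", "valid", "digest matches reference"),
    ("signature", "signer key", "valid", "signature verifies against key"),
    ("cert-path", "CN=Signer", "valid", "path builds to a trust anchor"),
    ("crl", "CN=Intermediate CA", "invalid", "certificate revoked"),
    ("crl", "CN=Signer", "not-checked", "skipped after earlier failure"),
]

def overall_result(steps):
    """Fail closed: only a non-empty run where every check is valid is valid."""
    statuses = {status for _, _, status, _ in steps}
    if "invalid" in statuses:
        return "invalid"
    if not steps or "not-checked" in statuses:
        return "indeterminate"
    return "valid"

def build_report(steps, detail="full"):
    """Return the report as XML text (hypothetical element/attribute names).

    detail="failed-only" lists only failed checks; detail="full" lists every
    check, so a successful verification also documents the work that was done.
    """
    root = ET.Element("VerificationReport", result=overall_result(steps))
    for check, subject, status, note in steps:
        if detail == "failed-only" and status != "invalid":
            continue
        item = ET.SubElement(root, "Check", type=check, subject=subject,
                             status=status)
        item.text = note
    return ET.tostring(root, encoding="unicode")

def render_text(report_xml):
    """Derive the human-readable form from the machine-readable report."""
    root = ET.fromstring(report_xml)
    lines = [f"Overall result: {root.get('result')}"]
    for item in root.iter("Check"):
        lines.append(f"[{item.get('status')}] {item.get('type')} on "
                     f"{item.get('subject')}: {item.text}")
    return lines

if __name__ == "__main__":
    print("\n".join(render_text(build_report(STEPS, "full"))))
```

The overall result is computed from the individual checks rather than stored separately, so a report cannot claim success while listing a failed or skipped check.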

