OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss] Individual reports for verification response

Hi Trevor !

>> I agree that adding individual reports even if the
>> verification succeeds could be convenient...
>> Concerning the issue that Trevor points out, whether to
>> let them as human-readable or machine-readable, well,
>> certainly the last one would imply more work, but there are
>> over there pieces of work already done dealing with similar
>> issues, and we can use them, and besides that, as the
>> answers will XML documents, easy XSLT transformations could
>> be defined to translate them to a human-readable form....
>> So I think that we could initially try to define a  machine-processable
>> format....
> 
I would be completely happy with a machine-processable ormat. It should be up to the application to render the information in an convenient way. 

> I agree this would be a neat doodad, like watching your car go through 
> the carwash or something.  Is it worth the effort though, if the only 
> point is to reassure the user that the signature was verified really good?

Who said, that you shouldn't have fun with your signatures ?

Anyway, my usual experience with a new-to-PKI-user is that they tend to believe the verification process is a fake, and it's implemented like 
'return( true )'. The users are usually more convinced if you point out what has to be done in detail. So I am sure that a transparent 
verification process would ease the acceptance of digital signatures !

Moreover, I guess it's not a real effort for the implementors of the verification process. Ususally the generate all the relevant information for debug purposes anyway. 

So it's just an 'append_to_report' line here and there.



> Assuming you do want this, we could add a bullet to 3.6.2 "Whether a 
> list of signature verification steps should be returned", and:
> 
> 3.7.6 Signature Verification Steps
>   The verification service may return a list of the steps undertaken by 
> the server in verifying the signature (such as hashing the document, 
> checking the signature, validating the path, checking CRLs, etc.).
> 
> Or feel free to suggest better text.

It's good, I just would like to add ' and their outcome' at the end of the line.


Greetings

Andrew

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]