[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Individual reports for verification response
Hi Trevor ! >> I agree that adding individual reports even if the >> verification succeeds could be convenient... >> Concerning the issue that Trevor points out, whether to >> let them as human-readable or machine-readable, well, >> certainly the last one would imply more work, but there are >> over there pieces of work already done dealing with similar >> issues, and we can use them, and besides that, as the >> answers will XML documents, easy XSLT transformations could >> be defined to translate them to a human-readable form.... >> So I think that we could initially try to define a machine-processable >> format.... > I would be completely happy with a machine-processable ormat. It should be up to the application to render the information in an convenient way. > I agree this would be a neat doodad, like watching your car go through > the carwash or something. Is it worth the effort though, if the only > point is to reassure the user that the signature was verified really good? Who said, that you shouldn't have fun with your signatures ? Anyway, my usual experience with a new-to-PKI-user is that they tend to believe the verification process is a fake, and it's implemented like 'return( true )'. The users are usually more convinced if you point out what has to be done in detail. So I am sure that a transparent verification process would ease the acceptance of digital signatures ! Moreover, I guess it's not a real effort for the implementors of the verification process. Ususally the generate all the relevant information for debug purposes anyway. So it's just an 'append_to_report' line here and there. > Assuming you do want this, we could add a bullet to 3.6.2 "Whether a > list of signature verification steps should be returned", and: > > 3.7.6 Signature Verification Steps > The verification service may return a list of the steps undertaken by > the server in verifying the signature (such as hashing the document, > checking the signature, validating the path, checking CRLs, etc.). > > Or feel free to suggest better text. It's good, I just would like to add ' and their outcome' at the end of the line. Greetings Andrew
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]