[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] ISSUE#4: SIGNATUREOPTIONS (SIGN REQUEST DISCUSSION)
At 18:02 09/09/2003 -0700, Trevor Perrin wrote: >> >> 3. I propose to add again the CanonicalizationMethod and >> SignatureMethod >>(both >> of them could be optional just for dealing with the >> case of a profile already definining them). Justification: the >> requester >>may be >> interested by any reason to instruct the server which >> canonicalization >>algorithm >> it has to use and what signing algorithms to use...And in the >> simplest >>case, they >> will not appear... > >These are both low-level details that weren't anticipated in the >requirements doc, and which I don't see much use for. > >CanonicalizationMethod is just for canonicalizing ds:SignedInfo. Why would >the client care how this is done? > >As for SignatureMethod, wouldn't the server know on its own which >SignatureMethod to use with different key types? Why would the client want >to control this? > >Trevor > <JC> Making them optional would allow the requester to control, and certainly it can happen that the requester wants to control because the recepient of the signed documents imposses restrictions to them. If a big retail department store in one country imposes to its providers to exchange with it electronically signed documents, it will probably impose its own premises, no matter the profiles already anticipated by external signature servers following our protocol. </JC>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]