OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [dss] ISSUE#4: SIGNATUREOPTIONS (SIGN REQUEST DISCUSSION)


At 18:02 09/09/2003 -0700, Trevor Perrin wrote:
>>
>>         3. I propose to add again the CanonicalizationMethod  and 
>> SignatureMethod
>>(both
>>         of them could be optional just for dealing with the
>>         case of a profile already definining them). Justification: the 
>> requester
>>may be
>>         interested by any reason to instruct the server which 
>> canonicalization
>>algorithm
>>         it has to use and what signing algorithms to use...And in the 
>> simplest
>>case, they
>>         will not appear...
>
>These are both low-level details that weren't anticipated in the 
>requirements doc, and which I don't see much use for.
>
>CanonicalizationMethod is just for canonicalizing ds:SignedInfo.  Why would 
>the client care how this is done?
>

>As for SignatureMethod, wouldn't the server know on its own which 
>SignatureMethod to use with different key types?  Why would the client want 
>to control this?
>
>Trevor 
>
<JC>
Making them optional would allow the requester to control, and certainly
it can happen that the requester wants to control because the recepient
of the signed documents imposses restrictions to them. If a big retail 
department store in one country imposes to its providers to exchange
with it electronically signed documents, it will probably impose its own
premises, no matter the profiles already anticipated by external signature
servers following our protocol. 
</JC>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]