RE: [dss] Approach to code-signing profile

["Deacon, Alex" <alex@verisign.com>]

Title: Message

Agreed.  What key's are used by the service should be pretty flexible to allow for various biz models.  For example not only should we separate the key used to sign the request from the service key, but the framework should also not constrain a single requestor to a single key.

 

Regards,

Alex

 

-----Original Message-----
From: Pieter Kasselman [mailto:PKasselman@betrusted.com]
Sent: Tuesday, January 20, 2004 8:38 AM
To: 'Nick Pope'; Pieter Kasselman; dss@lists.oasis-open.org
Subject: RE: [dss] Approach to code-signing profile

Hi Nick

Without getting to philosophical about it, I would prefer to separate the request for a signature from the ownership of the key. Ownership tends to be a business relationship as opposed to a request/response protocol which is easy to define. In other words, I think both scenarios need to be supported by the profile.

Cheers

Pieter

-----Original Message-----
From:   Nick Pope [SMTP:pope@secstan.com]
Sent:   20 January 2004 16:12
To:     Pieter Kasselman; dss@lists.oasis-open.org
Subject:        RE: [dss] Approach to code-signing profile

Pieter,
 
With the code signing profiles do you expect that the model will be the signing on behalf of the requestor using a key belonging to the server, or would it be the signing key would be specific to the requestor?


Nick

-----Original Message-----
From: Pieter Kasselman [mailto:PKasselman@betrusted.com]
Sent: 20 January 2004 11:11
To: dss@lists.oasis-open.org
Subject: [dss] Approach to code-signing profile



Hi, here is an outline on the approach to the code-signing profile.

<<oasis-dss--csprofile-dicussion-01.doc>>

Cheers

Pieter