[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] "Required" Designation on SignatureObject within VerifyRequest
At 10:45 PM 4/16/2004 -0400, Edward Shallow wrote: >You are missing the point. Are you saying that profiles are categorically >restricted from pursuing scenario-specific support of multiple signature >verification ? Not necessarily. We support time-stamped signatures for example, which are similar to counter-signed signatures. As long as there's a single main signature, profiles are welcome to add other stuff. Support for counter-signed signatures would be a good idea for the core or XAdES profile. However, changing the verify protocol so it can verify multiple *main* signatures is a big deal: you'd need to change or disallow all the core options, define entirely new result codes, change the processing rules, and omit the <SignatureObject>. In my opinion, profiles shouldn't have this much flexibility. Profiles should constrain and extend the core, not redefine it. So if we want this functionality I think we should add it to core. Loosening the core syntax so that profiles can do whatever they want is a recipe for chaos. Anyways, this dicussion touched on a few possible features: a) counter-signatures (or other "subsidiary" signatures) b) ability for client to not send <SignatureObject> c) ability to verify multiple signatures in a single call I think (a) would be the easiest, (c) would be the hardest. If you would be happy with (a) or (b) then perhaps we should focus on that. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]