Subject: RE: [dss] CMS (request for comments)
Greetings DSSers,

We have 2 proposals for CMS verify. We need people to review and vote for one or the other, so we can finish up the core!

Background: a CMS enveloping or detached signature is a "SignedData", which can contain multiple "SignerInfo"s. Each SignerInfo functions as a co-signature or counter-signature.

SignerInfo approach
------------------------------
- client extracts a SignerInfo from SignedData
- client sends SignerInfo inside <SignatureObject>/<Base64Signature>
- client sends enveloped or detached content as an input document
- PROS:
  - allows client to verify any co-signature or counter-signature
  - allows client to use client-side hashing
- CONS:
  - may require modifying CMS libraries to support extraction of a SignerInfo (on the client-side) and its verification on the server-side

SignedData approach
------------------------------
- client sends SignedData inside <SignatureObject>/<Base64Signature> (as above)
- if a detached signature, content comes in an input document
- if an enveloping signature, content is inside SignedData (and no input documents)
- if there are co-signatures or counter-signatures, the server will reject the request
- PROS:
  - easy to do with pre-existing CMS libraries
- CONS:
  - doesn't support client-side hashing for enveloping signatures
  - doesn't support co-signatures or counter-signatures
  - requires making <InputDocuments> optional

Trevor
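Added example, not part of the message above or of any DSS implementation: a structural pre-check a server could run under the "SignedData approach", walking the DER of a CMS ContentInfo to count SignerInfos, detect a counter-signature unsigned attribute, and tell detached from enveloping. The function names, the `has_input_document` flag and the rule that a detached/enveloping mismatch is refused are assumptions; the sample bytes are constructed and carry no real signature.

```python
# Added example: structure check only, no cryptographic verification.
# Function names and the skeletal sample data below are assumptions.
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
OID_COUNTERSIG = bytes.fromhex("2a864886f70d010906")   # 1.2.840.113549.1.9.6

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags)."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                                   # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def inspect_signed_data(content_info):
    """Return (signer_count, countersigned, detached) for a CMS ContentInfo."""
    (_, ci), = tlvs(content_info)                      # ContentInfo SEQUENCE
    _oid, (_, wrapped) = tlvs(ci)                      # contentType, [0] EXPLICIT
    (_, sd), = tlvs(wrapped)                           # SignedData SEQUENCE
    fields = list(tlvs(sd))
    detached = len(list(tlvs(fields[2][1]))) == 1      # encapContentInfo lacks eContent
    signer_infos = [v for _, v in tlvs(fields[-1][1])] # last field: SET OF SignerInfo
    unsigned = [v for si in signer_infos for t, v in tlvs(si) if t == 0xA1]
    countersigned = any(next(tlvs(a))[1] == OID_COUNTERSIG for u in unsigned for _, a in tlvs(u))
    return len(signer_infos), countersigned, detached

def server_accepts(content_info, has_input_document):
    signers, countersigned, detached = inspect_signed_data(content_info)
    # Reject co-/counter-signatures; detached needs an input document, enveloping none.
    return signers == 1 and not countersigned and detached == has_input_document

def der(tag, *parts):
    body = b"".join(parts)
    assert len(body) < 0x80                            # sample uses short-form lengths only
    return bytes([tag, len(body)]) + body

def sample(signers=1, countersig=False, detached=True):
    """Constructed skeleton: valid nesting, placeholder fields, dummy signature."""
    unsigned = der(0xA1, der(0x30, der(0x06, OID_COUNTERSIG), der(0x31, der(0x30)))) if countersig else b""
    si = der(0x30, der(0x02, b"\x01"), der(0x30), der(0x30), der(0x30), der(0x04, b"sig"), unsigned)
    encap = der(0x30, der(0x06, OID_DATA), b"" if detached else der(0xA0, der(0x04, b"hello")))
    sd = der(0x30, der(0x02, b"\x01"), der(0x31), encap, der(0x31, si * signers))
    return der(0x30, der(0x06, OID_SIGNED_DATA), der(0xA0, sd))
```
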