Subject: RE: [dss] OASIS DSS - SignatureObject on Input
Trevor,

As it applies to the "timestamp this CMS signature please" scenario, your suggestion works technically (although it is much messier for you and the protocol), but not semantically. Both the request and the response are just CMS/PKCS7 SignedData signatures. If one assumes that this is all driven by an AddTimestamp optional input and the SignatureType is RFC3161, then why would the client be sending in more than one signature/document? Hence <SignaturePlacement> and <WhichDocument> are superfluous in the CMS scenario.

For XMLSig everything is fine. However, the AddTimestamp optional input section could use some beefing up in the XMLSig area as well. Examples: If the AddTimestamp attribute specifies a content timestamp, then SignaturePlacement should be used; if the AddTimestamp attribute specifies a signature timestamp, then the timestamp will be placed in the same document as the signature, and SignaturePlacement should be used to specify the exact placement (i.e. XpathAfter). This whole timestamp area should be clarified for both CMS and XMLSig.

In summary, I really see no down side in simply allowing an existing element (i.e. SignatureObject) to appear in a Sign request for semantic integrity. Your changes to <DocumentwithSignature> will start to make it look like <DocumentBase>, and THAT will really get confusing. Do you have a good reason not to add it?

Ed

-----Original Message-----
From: Trevor Perrin [mailto:trevp@trevp.net]
Sent: September 14, 2004 9:58 PM
To: dss@lists.oasis-open.org
Subject: RE: [dss] OASIS DSS - SignatureObject on Input

At 12:16 PM 9/14/2004 -0400, Edward Shallow wrote:
>Simply put, because what is being passed in is not a Document, it is a
>Signature. Again, you are failing to consider CMS which should clarify
>it for you.

You're right that the <SignaturePlacement> optional input only works with XML, and thus can't be used to instruct the server to insert a produced signature (or timestamp) into an input CMS signature.

If we want to support this, I propose we generalize the <SignaturePlacement> / <DocumentWithSignature> so that it's not XML specific, but allows the client to indicate any Input Document, even if it's binary (such as a CMS signature), and receive back a <DocumentWithSignature> that may be binary as well. Would you be happy with this?

Trevor