[Fwd: Re: Implementations...]

[Juan Carlos Cruellas <cruellas@ac.upc.edu>]

Dear all, as agreed in our last conf call I forward the last email exchanged
between Ed, Andreas and myself concerning the implementations for 
initial interop
Regards

Juan Carlos.
-------- Original Message --------
Subject: 	Re: Implementations...
Date: 	Thu, 23 Dec 2004 12:46:05 +0100
From: 	Juan Carlos Cruellas <cruellas@ac.upc.es>
To: 	ed.shallow@rogers.com
CC: 	Andreas Kuehne <kuehne@klup.de>, Nick Pope <pope@secstan.com>
References: 	<20041222175115.11859.qmail@web88105.mail.re2.yahoo.com>



Ed,

Thank you very much...
I put in copy to Andreas as he is also interested in
participating.

Concerning your first approach... see below
Ed Shallow wrote:

>Hi Juan-Carlos,
>
>   Thanks for the kind wishes, and extend the same to you and Nick as
>well. Yes you are right, not much will happen until early January. A
>few quick thoughts:
>
>  
>
Thanks a lot.

>- I'd like to start with core first, see how much time we consume and
>only then consider if we can afford the time to do a profile or 2 (EPM
>and XAdES ? core and XAdES ? core and EPM ?) 
>  
>
I agreee with starting with the core.
Agreed also ulterior consideration whether we can afford for a profile 
or two.

>- I was thinking that a small finite set of request scenarios would be
>sufficient to keep work down
>
>  
>
Agreed.

>- A few legacy PKCS7 scenarios, and a few XMLSig scenarios
>
>  
>
Agreed

>- at least one kind of timestamp
>
>  
>
I guess that you are envisaging the XML timestamp defined by the DSS...

>- A few Sign request permutations and a few Verify permutations
>
>  
>
When you speak of permutations do you mean different requests with
different combinations of optional inputs? I this case
should we envisage all the opotional inputs except those that we
could explicitely exclude? Ideally, it would be great if we could
test all of them but...

>- No multiple signature Verification
>
>  
>
Agreed

>- No ProcessingDetails
>
>  
>
Agreed

>- We probably should do something around SignaturePtr (Xpath
>expression) as there was lots of discussion around this and there could
>be some gotchas in here. I tripped over at least oen already.
>
>  
>
Yes... Xpath management is a good test

>- Not sure how much you want to get into Signed/Unsigned Property
>scenarios
>
>  
>
I would not go too much into it when testing the core... We could
leave it for the end of the tests

>- We would have to get on a common certificate/key set, I could
>volunteer to generate test certificates/keys in P12 and PEM format for 
>the tests
>
>  
>
That would be great. Thanks

>- Depending on the scope, I do not think I can deliver much before
>March
>
>  
>
Yes... I would also say so

>- we could release results as we go
>
>  
>
Of course...


Regards and thanks.

Juan Carlos.

>Thoughts ?
>Ed
>
> --- Juan Carlos Cruellas <cruellas@ac.upc.edu> wrote: 
>  
>
>>Dear Ed,
>>
>>First of all let me to express my best wishes for what is
>>left of the current year and the next one... I wish you merry
>>Christmas that allow you to take the rest that you well deserve...
>>
>>After that, just a few lines to somehow "launch" the communication
>>stream for implementations of the core....
>>Starting with the UPC... At present I have not been able yet to
>>arrange details of the time framework for our first developments,
>>which is something that I expect to do during the next weeks...and
>>as soon as I may do I will let you know ...
>>
>>In the mean time, perhaps we could have some kind of exchange of
>>information trying to delimitate the scope of our "interoperability
>>tests"?
>>I guess that both are going for holidays now and that it will not be
>>very
>>likely to have this discussion before January (at least on my
>>side)....
>>
>>Regards
>>
>>Juan Carlos.
>> 
>>    
>>
>
>  
>