Public Comment reply

[Juan Carlos Cruellas <cruellas@ac.upc.edu>]

Dear all,

Concerning to the last comment sent by Antonio Ruiz,
I have noticed two main answers: one by Ed and the other
by Trevor. I propose then to make a joint response to the
last question (why not to allow multiple ds:Signature elements
in the SignatureObject) so that this closes the issue....

Below follows the proposal. As said the text contains Ed's, Trevor's and
myself text....

"The core expects verification of all signatures if present in the
InputDocuments element of the Verify. The EPM also supports verification of
specific signatures if our NodeName optional input is specified. The core
and the EPM must verify all signatures present in the InputDocuments element
if present. This is default behavior in the core, but the user must include
the signatures in an InputDocuments element.

You are right, the SignatureObject was never intended to support more than
one signature. InputDocuments containing more than one signature is a
different story alltogether, and is supported.This makes that verification 
of multiple signed documents that enclose their signatures may be 
requested in one message.

This committee decided not to allow separated multiple signatures of 
multiple documents
because of the complexity that it would bring to the processing and also 
because
it could be arguable that separated multi-signature verification would 
be frequent enough to
make the savings worth the complexity. 

In any case, with the current specifications, if such a case occurred,
one always could try pipelining requests to the server. "


Does this answer seem to collect all the given arguments so far?

Juan Carlos.