RE: [dss] Public Comment reply

["Nick Pope" <pope@secstan.com>]

OK fine

Minor suggestions - I suggest that you move the 2nd para "You are right ..."
to before the profile.  Also, explain EPM is "Profile for Universal Postal
Union's Electronic Post Mark profile of DSS".

Final you could mention a 2nd CD version of the DSS documents will be
available very shortly though the DSS home page.

Nick

> -----Original Message-----
> From: Juan Carlos Cruellas [mailto:cruellas@ac.upc.edu]
> Sent: 08 February 2005 10:43
> To: DSS TC List
> Subject: [dss] Public Comment reply
>
>
> Dear all,
>
> Concerning to the last comment sent by Antonio Ruiz,
> I have noticed two main answers: one by Ed and the other
> by Trevor. I propose then to make a joint response to the
> last question (why not to allow multiple ds:Signature elements
> in the SignatureObject) so that this closes the issue....
>
> Below follows the proposal. As said the text contains Ed's, Trevor's and
> myself text....
>
> "The core expects verification of all signatures if present in the
> InputDocuments element of the Verify. The EPM also supports
> verification of
> specific signatures if our NodeName optional input is specified. The core
> and the EPM must verify all signatures present in the
> InputDocuments element
> if present. This is default behavior in the core, but the user
> must include
> the signatures in an InputDocuments element.
>
> You are right, the SignatureObject was never intended to support more than
> one signature. InputDocuments containing more than one signature is a
> different story alltogether, and is supported.This makes that
> verification
> of multiple signed documents that enclose their signatures may be
> requested in one message.
>
> This committee decided not to allow separated multiple signatures of
> multiple documents
> because of the complexity that it would bring to the processing and also
> because
> it could be arguable that separated multi-signature verification would
> be frequent enough to
> make the savings worth the complexity.
>
> In any case, with the current specifications, if such a case occurred,
> one always could try pipelining requests to the server. "
>
>
> Does this answer seem to collect all the given arguments so far?
>
> Juan Carlos.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dss-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: dss-help@lists.oasis-open.org
>
>
>