[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] FW: [dss-comment] Public Comment
Nick, I share your view. I think that this is not the TC for addressing the full signatures archiving problem and I would say that we should not be diverted from the most crucial point today: getting a new CD for the core. But, maybe if there is somebody interested in doing some work for that we could, nevertheless, study the feasibility of incorporating very very basic features. Just as an example of the kind of issues that this decision could open, I just write down my first thoughts on the issue. First, I do not think that we should envisage to do it in the core, but in a profile (XAdES could be one, or as you say a new abstract profile). If we decide to go in this direction one could anticipate the definition of some inmediate operations: 1. request signature generation and archiving (profile of SignRequest). 2. Request signature validation and archiving (profile of VerifyRequest. Some issues here: For 1 what happens to the SignResponse? should the server once generated and archived the signature send it back to the client? I guess that in addition the profile could define a new result message saying, archived, and add an element with a kind of reference for ulterior usage. In addition to that this minimum set of operations should incorporate a retrieval operation, ie, the client should be able to pass the server with a reference and get back the signature...but, what operation should this one be a profile of? should it be a degenerated case of a SignRequest? As you see there are a number of issues to be solved and decided...anyway is up to us decide whether we would like to open this issue or not. My conclusion: we must concentrate during these next weeks on the generation of a stable version of the core. In parallel wait for reaction to Nick's message and make a decission based on three parameters: the progress on the core, the opinion of the members of the TC on whether this issue falls within its scope, and the reaction to Nick's message Regards Juan Carlos. Nick Pope wrote: >All, > >I have sent an initial response to Carlos González-Cadenas regarding these >comments as you will see in the separate message. > >As I stated I believe the first comment has already been addressed. > >The second issue regarding including archiving signatures. Whilst, I think >a full signature archiving protocol is outside our scope, I do believe that >archiving signatures and related vericiation information (certificates, >CRLs), is important for supporting long term signatures. > >I suggest that we define an abstract profile, or possibly extend the XAdES >profile, which add an additional optional input to sign / verify requesting >that the signature and related verification information are archived. > >Thoughts? > >Nick > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]