Re: [dss] FW: [dss-comment] Public Comment

[Juan Carlos Cruellas <cruellas@ac.upc.edu>]

Nick,

I share your view. I think that this is not the TC for addressing
the full signatures archiving problem and I would
say that we should not be diverted from the most crucial point today: 
getting
a new CD for the core.
But, maybe if there is somebody interested in doing some work
for that we could, nevertheless, study
the feasibility of incorporating very very basic features.

Just as an example of the kind of issues that this decision could open,
I just write down my first thoughts on the issue. First, I do not think 
that we should envisage
to do it in the core, but in a profile (XAdES could be one, or as you
say a new abstract profile).

If we decide to go in this direction one could anticipate
the definition of some inmediate operations:

1. request signature generation and archiving (profile of SignRequest).
2. Request signature validation and archiving (profile of VerifyRequest.


Some issues here: For 1 what happens to the SignResponse? should the 
server once generated
and archived the signature send it back to the client? I guess that in 
addition
the profile could define a new result message saying, archived, and add
an element with a kind of reference for ulterior usage.

In addition to that this minimum set of operations should incorporate a
retrieval operation, ie, the client should be able to pass the server
with a reference and get back the signature...but, what operation should
this one be a profile of? should it be a degenerated case of a SignRequest?

As you see there are a number of issues to be solved and decided...anyway
is up to us decide whether we would like to open this issue or not.


My conclusion: we must concentrate during these next weeks on the generation
of a stable version of the core. In parallel wait for reaction to Nick's 
message
and make a decission based on three parameters: the progress on the 
core, the
opinion of the members of the TC on whether this issue falls within its 
scope,
and the reaction to Nick's message


Regards

Juan Carlos.
Nick Pope wrote:

>All,
>
>I have sent an initial response to Carlos González-Cadenas regarding these
>comments as you will see in the separate message.
>
>As I stated I believe the first comment has already been addressed.
>
>The second issue regarding including archiving signatures.  Whilst, I think
>a full signature archiving protocol is outside our scope, I do believe that
>archiving signatures and related vericiation information (certificates,
>CRLs), is important for supporting long term signatures.
>
>I suggest that we define an abstract profile, or possibly extend the XAdES
>profile, which add an additional optional input to sign / verify requesting
>that the signature and related verification information are archived.
>
>Thoughts?
>
>Nick
>  
>