[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Small Clarifications on DSS Spec WD-34
Hi All, Some small ones ... - section 2.4.2 line 327 The server MUST use the <Schema> referred to by <SchemaRefs> for validation if specified. This sentence should be clarified to state that the validation is solely to resolve ID attribute references that mat be contained in the input. It is therefore only mandatory (i.e. MUST) in that context. 347 should also be clarified to reflect this point as well. It is nicely worded on line 451 in section 2.5 Also section 2.8.6 line 648 should aslo be clarified. - section 2.4.2 331 Must a caller use EscapedXML if their input contains PIs and Comments ? Or can they use EscapedXML or even Base64XML. I am assuming these other element types are also a valid way to pass up PIs and Comments. Please clarify. - section 2.4.2 line 345 The beginning of the sentence up to the comma "The MimeType attribute is not required for XML signatures, ..." should be removed. The Base64Data element should never contain XML signatures. They would go in Base64XML, EscapedXML, or InlineXML. - section 2.8.2 Line 615 is not clear as it pertains to and inter-relates with section 6.3 Role of each vis-a-vis "The server MUST ..." should be clarified. - section 3.1 SignRequest. It should be clarified how a caller passes up a signature to be timestamped. Apparently SignatureObject as input on a Sign was rejected early on. This should be clarified. - section 3.5.2 line 880 Change "as a property or attribute of the resultant signature." to "as a property or attribute of the resultant signature (VerifyRequest) or the supplied signature (SignRequest)." - section 3.5.6.2 CMS Enveloping Signatures, Variant Optional Input <IncludeObject> All attributes of IncludeObject are XML-specific, not sure that IncludeObject should even be valid for CMS signature creation. If it is valid, this section is very unclear of the relation with InputDocuments - section 4.3 does not cover the scenario where an InputDocument contains the ds:Signature to be verified. This should be added. Section 4.3.1 Multi-Signature Verification refers to this possibility but it should be reflected in Basic Processing. - section 4.5 line 1366 should specify what implementations are obliged to do with respect to backward compatibility with PKCS7. - section 4.5 is silent on verification of CMS/PKCS7 signatures with embedded timestamps. It is also silent on verification of standalone CMS/PKCS7 timestamps which are by definition enveloping signatures. It is also silent on the implementation's obligations with respect to the verification of signature timestamps which are cryptographically bound to signatures. I think we have an outstanding/postponed Action Item on this. That is. Cheers, Ed
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]