- From: <Frederick.Hirsch@nokia.com>
- Date: Thu, 14 Nov 2002 10:34:21 -0500
- To: <www-xkms@w3.org>
I have some additional comments/questions on XKMS 2.0 Part 1: Schema Editors Copy 17 Oct 2002, http://www.w3.org/2001/XKMS/Drafts/XKMS20021017/xkms-part-1.html

----

2.5 Two Phase Request Protocol

Isn't this about Request Replay protection rather than denial of service? From the description in Part 2 it sounds like a nonce is returned in the response and then included in the second request. There is no clear requirement for extensive requestor processing, such as signing. A signed response would not require signature verification, would it?

Should [46] be reworded and have the last sentence removed?

"XKMS requests may employ a two phase request protocol to protect against a Request Replay attack. The two phase request protocol allows the service to perform a lightweight authentication of the source of an XKMS request, specifically the service determines that the client is able to read messages sent to the purported source address."

----

2.8.2 [63]

In other words the signature always applies to the entire XKMS request or response?

---

2.8.5

Should Compound Request be added to the table as another ResponseMechanism identifier?

___

2.8.6 [75]

Given the deprecation of MgmtData, should this be removed from the RespondWith Identifier list?

---

2.8.7 Notification by HTTP GET or POST?

Is there a reason not to use POST? Should this be reworded simply as "Notification by HTTP"?

---

4.1

Probably should clarify that what an underlying PKI does is up to the implementation - this is not normative.

Editorial comments

[11] Reword: "A protocol to support the delegation by an application to a service of the processing of Key Information associated with an XML signature, XML encryption, or other usage of the XML Digital Signature KeyInfo element."

[35] The XKMS protocol supports a number of protocol options, including asynchronous processing, two-phase requests and compound requests.

[49] .. but serve different purposes
s/server/serve

[53] corresponding to each inner request element of the compound request
s/elements/element

[86] , that is sign messages...
s/sign a messages/sign messages

[96] which public key
s/publickey/public key

[109] s/recieves/receives

br, Frederick

---------------------------------------
Frederick Hirsch
Nokia Mobile Phones
Received on Thursday, 14 November 2002 10:34:25 UTC