
XKMS Part 1 comments

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 14 Nov 2002 10:34:21 -0500
Message-ID: <E320A8529CF07E4C967ECC2F380B0CF901067F3E@bsebe001.americas.nokia.com>
To: <www-xkms@w3.org>

I have some additional comments/questions on XKMS 2.0 Part 1: Schema
Editors Copy 17 Oct 2002, http://www.w3.org/2001/XKMS/Drafts/XKMS20021017/xkms-part-1.html

2.5 Two Phase Request Protocol
Isn't this about Request Replay protection rather than denial of service?

From the description in Part 2 it sounds like a nonce is returned in the response and then
included in the second request. There is no clear requirement for extensive requestor processing, such
as signing. A signed response would not require signature verification, would it?

Should [46] be reworded and have the last sentence removed?
"XKMS requests may employ a two phase request protocol to protect against a Request Replay attack.
The two phase request protocol allows the service to perform a lightweight authentication of the source of an XKMS request, specifically the service determines that the client is able to read messages sent to the purported source address."

2.8.2 [63]
In other words the signature always applies to the entire XKMS request or response?
Should Compound Request be added to the table as another ResponseMechanism identifier?

2.8.6 [75]
Given the deprecation of MgmtData, should this be removed from the RespondWith Identifier list?
Notification by HTTP GET or POST? Is there a reason not to use POST? Should this be reworded simply as
"Notification by HTTP"?

4.1 Probably should clarify that what an underlying PKI does is up to the implementation - this is
not normative.

Editorial comments
[11] Reword:
"A protocol to support the delegation by an application to a service of the processing of Key Information associated with an XML signature, XML encryption, or other usage of the XML Digital Signature KeyInfo element."

[35] The XKMS protocol supports a number of protocol options, including asynchronous processing, two-phase
requests and compound requests.

[49].. but serve different purposes

[53] corresponding to each inner request element of the compound request

,that is sign messages...
s/sign a messages/sign messages

which public key
s/publickey/public key


br, Frederick
Frederick Hirsch
Nokia Mobile Phones
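The two-phase exchange questioned above (a nonce returned in the first response, echoed in the second request, proving the client can read messages sent to the purported source address) can be illustrated with a small simulation. This is an added example, not code from the email, the W3C XKMS working group or any XKMS implementation; the message shapes, the `TwoPhaseService` class, the `Represent`/`Success`/`Sender` result strings and the HMAC-over-address-and-timestamp nonce construction are assumptions made here to model the idea, not the specification's wire format. It shows why the phase-two check is lightweight (one MAC comparison, no signature verification), and also shows, via the `seen` set, that the nonce alone does not stop replay of a completed phase-two request within the nonce lifetime unless the service records consumed nonces.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo: a service-private MAC key and a nonce validity window.
SERVICE_KEY = secrets.token_bytes(32)
NONCE_LIFETIME = 300  # seconds a phase-one nonce stays acceptable


def issue_nonce(source_addr, request_id, now=None, key=SERVICE_KEY):
    """Phase 1: build a nonce bound to the purported source address, the
    request id and the issue time. Because the binding is a MAC under the
    service key, the service keeps no per-request state at this point."""
    ts = int(now if now is not None else time.time())
    body = f"{source_addr}|{request_id}|{ts}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{ts}:{tag}"


def verify_nonce(nonce, source_addr, request_id, now=None, key=SERVICE_KEY):
    """Phase 2: accept only a nonce this service issued for this source
    address and request id, and only while it is still within its window."""
    try:
        ts_str, tag = nonce.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return False
    current = int(now if now is not None else time.time())
    if ts > current or current - ts > NONCE_LIFETIME:
        return False
    body = f"{source_addr}|{request_id}|{ts}".encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


class TwoPhaseService:
    """Hypothetical XKMS-style responder. A request without a Nonce gets a
    'Represent' answer carrying a nonce; a request with a valid, unused
    Nonce is processed. Result strings are assumed for this model."""

    def __init__(self, key=SERVICE_KEY):
        self.key = key
        self.seen = set()  # consumed nonces; entries can be dropped after NONCE_LIFETIME

    def handle(self, request, source_addr, now=None):
        request_id = request["RequestId"]
        nonce = request.get("Nonce")
        if nonce is None:
            # Phase 1: ask the client to represent the request with the nonce.
            return {
                "ResultMajor": "Represent",
                "Nonce": issue_nonce(source_addr, request_id, now, self.key),
            }
        if not verify_nonce(nonce, source_addr, request_id, now, self.key):
            return {"ResultMajor": "Sender", "ResultMinor": "NoAuthentication"}
        if nonce in self.seen:
            # The MAC check alone would pass again; the seen-set is what
            # turns address authentication into replay rejection.
            return {"ResultMajor": "Sender", "ResultMinor": "NoAuthentication"}
        self.seen.add(nonce)
        return {"ResultMajor": "Success"}


def run_two_phase(service, request, source_addr, now=None):
    """Client side of the exchange: send, receive the nonce, resend with it."""
    first = service.handle(request, source_addr, now)
    if first["ResultMajor"] != "Represent":
        return first
    second = dict(request, Nonce=first["Nonce"])
    return service.handle(second, source_addr, now)


if __name__ == "__main__":
    svc = TwoPhaseService()
    req = {"RequestId": "I-demo-1", "Service": "http://xkms.example.test/"}  # constructed
    print(run_two_phase(svc, req, "192.0.2.10"))
```

In the simulation the only work the client does between phases is to copy the nonce into the second request, which matches the reading in the email that the first response need not be signed or verified for the mechanism to work. The `source_addr` binding is what the spec text calls authenticating the source; the `seen` set is the extra state a deployment needs if the goal is replay rejection rather than source verification.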
Received on Thursday, 14 November 2002 10:34:25 UTC
