- From: <Frederick.Hirsch@nokia.com>
- Date: Wed, 19 Feb 2003 16:25:19 -0500
- To: <www-xkms@w3.org>, <pbaker@verisign.com>
Phill Here are some comments on Part 2 of the latest XKMS draft 16-Dec-02 Questions [37] Digest Authenticated Request does not refer to HTTP digest authentication, but XML Dig Sig signed requests? RequestSignatureValue bound to response because response is signed or integrity guaranteed by transport? (I guess the question is where is digest authenticated request defined? (2.7.11 part 1) Change title to RequestSignatureValue Correlation? [44] Perhaps some clarification would be useful for unauthenticated secondary registration requests? Doesn't the AuthenticationRequest in part 1 require authentication element? Editorial [16], [49], [50] etc - ' replacement Add XTAML reference to references [34] s/Must/MUST [35],[36] delete? [64] mention Exclusive Canonicalization or signature extraction from message before verification processing? [90] Compound request example TBS - not sure it is needed given part 1 text. regards, Frederick Frederick Hirsch Nokia Mobile Phones
Received on Wednesday, 19 February 2003 16:25:30 UTC