- From: Frederick Hirsch <hirsch@zolera.com>
- Date: Wed, 28 Nov 2001 15:04:16 -0500
- To: "www-xkms-ws" <www-xkms-ws@w3.org>
I have some editorial comments that may be premature, but thought I'd share them anyway. Should confidentiality be mentioned in the Validity of Service response section? Should this section be common for both KISS and KRS? (there are diffrerences, regarding correspondence and possession, but having a common XKMS response would be useful) I suggest rewording the first sentence of Validity of Service section: "Clients SHOULD ensure the integrity of the response from the service to a Locate or Validate operation, meaning that the foloowing criteria are met:" In the Respond identifiers table, indicate that * means one or more elements might be returned. A reference to the definition of the OCSP token that validates an X509v3 certificate would be useful. In the Element reason - aspect table the description of ValidityInterval is in terms of now, at the time of the request. We should note that to determine if KeyInfo was valid when a signature was created is out of scope, since that would require passing signature properties as well as KeyInfo to a service, assuming signature properties included an appropriate timestamp. I'd recommend making the SOAP bindings a separate document from the core XKMS spec. we might want to clarify that for the Passphrase element the MAC is applied once when proving knowledge to avoid passing phrase in clear, and twice at registration to avoid passing proof in the clear at registration. Key Recovery: the draft should state that key revovery is only useful for encryption since the server is required to revoke a recovered signing key. In XKRS registration We might want to move the paragraph beginnning with "For clarity" before the example. Does the phrase "limited use" need definition in the term "limited use shared secret"? Revised wording for Replay Attacks, 2nd paragraph 2nd line: "For example, if a generic mechaims is built into the object exchange protocol, then it MAY be used." Rewording of nonce bullet "A nonce, that is a piece of random data that was included in the request Typos: "XML-SIGelements" in Executive Summary should be 2 words "Namepaces" missing s, heading after Definitions of Terms section "XMKMS" typo in Namespaces section The TBS for the xkms namespace can be the namespace in the XML Schema below Hellman is misspelled in Diffie-Hellman at the end of KRSS Overview "revoked" instead of "registered" at end of paragraph in Prototype element definition for Revoke Request Message "recovered" instead of "registered" at end of paragraph in Prototype element definition for Recover Request Message Figures Figure 2 might want to match the url retrieved with the example text Figure 3 might show parsing of certificate in middle (maybe) --- Frederick Hirsch Zolera Systems, http://www.zolera.com/ Information Integrity, XML Security
Received on Wednesday, 28 November 2001 15:02:34 UTC