- From: Joseph Reagle <reagle@w3.org>
- Date: Tue, 17 Dec 2002 14:04:48 -0500
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, Just.Mike@tbs-sct.gc.ca
- Cc: www-xkms@w3.org
On Tuesday 17 December 2002 13:05, Hallam-Baker, Phillip wrote: > > > [P86] No change, existing text is sufficient > > > There is an inline definition: a signing oracle, that is > > sign a messages > > > whose content is guessable by an attacker. > I think the fragment makes sense with the full context. Now [87] [87] Security Consideration: Care must be taken when signing responses to ensure that the service does not provide a signing oracle, that is sign messages whose content is guessable by an attacker. this should be "...service does not provide a signing oracle that signs messages whose content..." > These domain names are reserved for use in documentation and are not > available for registration. > OK works for me. Ok!
Received on Tuesday, 17 December 2002 14:04:58 UTC