Re: Serving static responses

Phill,

"Hallam-Baker, Phillip" wrote:
> 
> All,
> 
>         One of the issues that has been pointed out with the spec is
> that it is not currently possible to serve static signed data. That is a
> mjor problem as it means that XKMS is not as flexible as OCSP.

I'm not so sure its a major problem, perhaps more of a feature:-) Don't
you have an implicit public key certificate once the same response is
sent out twice?

Anyway, what'd prevent the application of two signatures, one covering
the static data, the other (which can use an on-line, lower quality
signing key) including the replay protection stuff?

>         The problem is the RequestID element in the result message that
> has become required rather than optional.

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

Received on Monday, 3 February 2003 11:18:17 UTC