W3C home > Mailing lists > Public > www-xkms@w3.org > February 2003

Re: Serving static responses

From: Stephen Farrell <stephen.farrell@baltimore.ie>
Date: Mon, 03 Feb 2003 16:17:15 +0000
Message-ID: <3E3E960B.8A3E2327@baltimore.ie>
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
CC: www-xkms@w3.org


"Hallam-Baker, Phillip" wrote:
> All,
>         One of the issues that has been pointed out with the spec is
> that it is not currently possible to serve static signed data. That is a
> mjor problem as it means that XKMS is not as flexible as OCSP.

I'm not so sure its a major problem, perhaps more of a feature:-) Don't
you have an implicit public key certificate once the same response is
sent out twice?

Anyway, what'd prevent the application of two signatures, one covering
the static data, the other (which can use an on-line, lower quality
signing key) including the replay protection stuff?

>         The problem is the RequestID element in the result message that
> has become required rather than optional.


Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
Received on Monday, 3 February 2003 11:18:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:07:23 UTC