- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Mon, 3 Feb 2003 10:05:29 -0800
- To: stephen.farrell@baltimore.ie, "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: www-xkms@w3.org
- Message-ID: <CE541259607DE94CA2A23816FB49F4A3F702A6@vhqpostal6.verisign.com>
OK after a telephone discussion: 1) A service can only return static data if the client signals it does not require the request/response binding. 2) This would be an extra item in ResponseMechanism 3) When WSDL becomes real we have a mechanism for stating that this service offers this type of response... Phill > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Monday, February 03, 2003 11:17 AM > To: Hallam-Baker, Phillip > Cc: www-xkms@w3.org > Subject: Re: Serving static responses > > > > > Phill, > > "Hallam-Baker, Phillip" wrote: > > > > All, > > > > One of the issues that has been pointed out with the spec is > > that it is not currently possible to serve static signed > data. That is a > > mjor problem as it means that XKMS is not as flexible as OCSP. > > I'm not so sure its a major problem, perhaps more of a > feature:-) Don't > you have an implicit public key certificate once the same response is > sent out twice? > > Anyway, what'd prevent the application of two signatures, one covering > the static data, the other (which can use an on-line, lower quality > signing key) including the replay protection stuff? > > > The problem is the RequestID element in the result > message that > > has become required rather than optional. > > Stephen. > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com >
Received on Monday, 3 February 2003 13:05:40 UTC