[doseta-discuss] Fwd: New Version Notification for draft-crocker-doseta-base-03.txt
Bill Burke
bburke at redhat.com
Tue Jul 12 09:54:49 PDT 2011
On 7/12/11 11:59 AM, Dave CROCKER wrote:
> 2. Drop 'version' tag -- versions don't get used
>
Seems to still be a reference to the version tag in section 4.2
> 5. Reworked the section on Requirements for Tailoring the Signing
> Service, to use the signing template. This included adding "Required
> Fields" and "Required Algorithms" components.
>
I'm not exactly clear what this section allows. For example. I'd like
to use doseta to only sign a set of headers that come with the request
and not required the "d" field and make DNS lookup optional and/or
provide a URI mechanism to locate keys.
I'm also wondering if it would be more beneficial to completely separate
the Signing Service from Key Management. i.e. the signing template
would make the "d" field optional. I can see a lot of developers
(myself in particular) that will want to re-use the
signing/verification/canonicalization algorithms of DOSETA, but not the
key discovery and management requirements of DOSETA.
Thanks,
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the doseta-discuss
mailing list