Does this information provide an attacker much information for analysis in a series of
requests and meaningful responses? I guess this depends on the environment, but could be noted
as a risk, depending on the detail of the reply.
regards, Frederick
Frederick Hirsch
Nokia Mobile Phones
-----Original Message-----
From: ext Trevor Perrin [mailto:tre...@trevp.net]
Sent: Friday, June 20, 2003 1:44 PM
To: Juan Carlos Cruellas; ds...@lists.oasis-open.org
Subject: Re: [dss] Individual reports for verification response
At 01:16 PM 6/20/2003 +0200, Juan Carlos Cruellas wrote:
Trevor,
What about something like:
"The server should be able to issue individual reports on each
token it has verified (certificates, signatures, etc) when the
verification fails."
When it fails, do you want:
- a report only on the thing that failed (this certificate was revoked)
- also reports on the things that were good (this certificate was
  revoked, these were good, these weren't checked yet)