[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Individual reports for verification response
At 08:58 AM 7/5/2003 -0400, jmessing wrote: >The protocol should probably support various levels of granularity in >reports with the probable end result being that very few users may want >access to that level of detail as a practical matter unless and until a >signature is challenged, just like a bank keeps records of manual >signatures on file to reference in the event a manual signature on a check >or draft is challenged, but does not check each signature against the >signature card because of the impracticality of the process. This complexity is why I'm a little leery of this feature, since we're going to have to enumerate and name all the meaningful events a service can notify the client about, and worry about things like what level of granularity is appropriate, and how to parameterize these events (does the service just say "I checked a revocation mechanism, or does it say "I checked a CRL", or does it say I checked *<this>* CRL", etc.), and how to let the client specify filters on which events it wants to receive. We could end up designing a whole logging system, if we're not careful. But maybe that's exaggerating. Perhaps we could just let things like "which events to return" be part of the "verifying policy" in 3.6.2 - i.e., part of that mass of ways one server can differ from another that a client can't control individually but that's implicit in the "verifying policy" the server's operating under. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]