All,
Upon further reflection, I recommend that the following text be added to
ESS, Section 2.4, item 11: "All agents that support the generation of ESS
signed receipts MUST provide the ability to send encrypted signed receipts
(i.e. a signedData/Receipt encapsulated within an envelopedData). The agent
MAY send an encrypted signed receipt in response to an
envelopedData-encapsulated signedData requesting a signed receipt. It is a
matter of local policy regarding whether or not the signed receipt should be
encrypted. The ESS signed receipt includes the message digest value
calculated for the original signedData object that requested the signed
receipt. If the original signedData object was sent encrypted within an
envelopedData object and the ESS signed receipt is sent unencrypted, then
the message digest value calculated for the original encrypted signedData
object is sent unencrypted. The responder should consider this when
deciding whether or not to encrypt the ESS signed receipt. "
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
===============================