Re: [dss] CMS Timestamps Core Review - PostScript

[Trevor Perrin <trevp@trevp.net>]

Edward Shallow wrote:
> Hi Nick, Juan-Carlos, and Stephan,
> 
>   I have reached an impasse as I got deeper into the XML Timestamp review.
> Content Timestamps in an XML setting are very tricky and greatly overlap
> with the scope of the signature References themselves. I do not see an easy
> way forward if I stay on this track. We could look at removing this
> treatment altogether. That is, the handling of content timestamps on both
> Sign and Verify altogether. The related problem is that the text for
> Timestamp verification which is nailed down fairly nicely might also have to
> be de-scoped to remove references to content Timestamp treatment.
> 
>   The last problem is that AddTimestamp as it is, ONLY covers adding
> Timestamps to existing signatures and does not address adding Timestamps to
> the signature being created

Hmm...  as of wd-30, the spec was clear that <AddTimestamp> was an 
optional input on the signing protocol, covering the *created* signature:

"The <AddTimestamp> element indicates that the client wishes the server 
to provide a timestamp as a property or attribute of the resultant 
signature."

The current text (wd-37) seems to have things backward:

"The <AddTimestamp> element indicates that the client wishes the server 
to provide a timestamp token on the <ds:SignatureValue> element in XML 
signatures or the signature field in CMS signatures, as a property or 
attribute of the resultant signature (VerifyRequest) or the supplied 
signature (SignRequest)."

Shouldn't that be supplied signature (VerifyRequest) or resultant 
signature (SignRequest)?


Trevor