Minutes of Conf Call dealing with Timestamp Coverage in the Core and Profiles

["Edward Shallow" <ed.shallow@rogers.com>]

Minutes/Decisions of Scype Call with Juan-Carlos Feb 14, 11:00 EST

We used the Use-Case Combinations as the agenda and went through them
one-by-one. Actually we only had to go through the first 8 as the second set
ended up being the same issues and decisions. I'll just itemize them again
for the reader's convenience. Decisions, scope, and placement points follow:

Combination 1  - Sign    CMS    Content    Standalone
Combination 2  - Sign    CMS    Content    Embedded
Combination 3  - Sign    CMS    Signature  Standalone
Combination 4  - Sign    CMS    Signature  Embedded
Combination 5  - Verify  CMS    Content    Standalone
Combination 6  - Verify  CMS    Content    Embedded
Combination 7  - Verify  CMS    Signature  Standalone
Combination 8  - Verify  CMS    Signature  Embedded
Combination 9  - Sign    XML    Content    Standalone
Combination 10 - Sign    XML    Content    Embedded
Combination 11 - Sign    XML    Signature  Standalone
Combination 12 - Sign    XML    Signature  Embedded
Combination 13 - Verify  XML    Content    Standalone
Combination 14 - Verify  XML    Content    Embedded
Combination 15 - Verify  XML    Signature  Standalone
Combination 16 - Verify  XML    Signature  Embedded


Decisions and Placement:

Combination 1 and 9: Should be covered in the Timestamp Profile. Small
wording clarifications required.

Combination 2 and 10: Relegated to the XAdES profile which actually covers
both XAdES (TS 101 903) and CMS-specific TS 101 733. Clarification/referral
text to be added to section 3.5.2

Combination 3 and 11: Should be covered in the Timestamp Profile. Small
wording clarifications required. Lines 1831-1835 of the core also to be
revised to resolve URI attribute conflicts between core and XAdES.

Combination 4 and 12: Will be covered by core under 2 <AddTimestamp>
scenarios: a) create both a signature and an embedded timestamp as part of
the SignRequest and b) if a signature is passed in on the SignRequest with
<AddTimestamp> just embed the timestamp (unauthenticated attribute). Text to
be adjusted in 3.5.2 and its sub-sections. (thanks for the note Trevor)

Combination 5 and 13: Should be covered in the Timestamp Profile. Perhaps
text can be salvaged and moved to the Timestamp profile.

Combination 6 and 14: This was the sticky one !!! Relegated to XAdES
(TS101733 and TS101903 parts). However the core has a responsibility with
respect to this use-case as the verification results could be misleading and
inappropriate (i.e. false positive). Core to return a
resultmajor:RequesterError with a resultminor:NotSupported if the incoming
signature contains an authenticated attribute whose content type is OID
value 1.2.840.11359.1.9.16.1.4
Text to be changed in section 4.3.2 and sub-sections. 

Combination 7 and 15: Should be covered in the Timestamp Profile. Small
wording clarifications required.

Combination 8 and 16: Will be covered by core. Most of the text is there,
but we must add a new section to cover the <AddTimestamp> OptionalInput on a
Verify call which is missing and required. This section will be added as
4.6.9

As it turns out, all Standalone Combinations go to the Tiemstamp Profile and
all even Combinations go to either the core or XAdES

Other Work Assignment Decisions:

- Changes to be applied in 2 passes:

- Pass 1 Ed to modify/enhance sections 3.5.2 and 3.5.2.1, sections 4.3.2 and
4.3.2.1

- Pass 2 Juan-Carlos to review Ed's changes and then modify sections 3.5.2.2
and 4.3.2.2, additionally Juan-Carlos to fix 5.1.1 and add the new 4.6.9

- all changes required in the Timestamp Profile have yet to be assigned.

Cheers,
Ed