

Subject: Re: [ubl-security] Adding public key information to UBL party definition?


I don't have a clear idea on this. It is a common practice (and in many countries it is a legal obligation) to put the signer certificate as an attribute in the signature.
An issue in signature verification could be to be able to get the CA certificate and/or some of the certificates in the path.
An idea could be to allow a collection of certificates as an attribute, i.e. a PKCS#7 certs-only attribute, as mentioned in RFC2797, allowing each party to optionally insert there a set of certificates that can be required for signature verification. What do you think?
Happy holidays and have a great new year!

Andrea


On 29 Dec 2010, at 17:49, G. Ken Holman wrote:

> Fellow Security SC members,
> 
> In our current UBL 2.1 PRD1 party definition:
> 
> http://docs.oasis-open.org/ubl/prd1-UBL-2.1/mod/summary/reports/UBL-AllDocuments-2.1.html#t-CommonLibrary-1179
> 
> ... there is no provision for storing public keys associated with the party.  Much like an email address or a telephone number, it is a public piece of information that might be useful to know about the party.
> 
> Is the same true for any certificates associated with the party?
> 
> I'm not proposing any tie between these constructs and the signature extension, because the signature extension is going to contain any needed key and certificate information in the actual <ds:Signature> construct found in the extension.
> 
> Does it make sense to propose this addition for PRD2 as a property of a party that might be useful to the recipient?
> 
> Perhaps not, since it won't be used by the extension, but maybe someone else on the Security SC can see a use for having such information available to the recipient for a party to provide when it is describing itself.
> 
> Perhaps it will be useful because it will be needed to decode or validate email messages that are signed with the party's private key?
> 
> Happy holidays and happy new year to all!
> 
> . . . . . . . . . . . Ken
> 
> --
> Contact us for world-wide XML consulting & instructor-led training
> Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
> G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
> Legal business disclaimers:  http://www.CraneSoftwrights.com/legal
> 
> 