OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-security message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Questions about the digital signature specification

Hello UBL Security SC,

I am finishing up the edits on the UBL Digital Signature specification
version 09 (will be 10) and have two questions for you.

First, regarding this paragraph:

     <para>TS 101 903 is an XML electronic signature standard that can be
       used to create different XML Advanced Electronic Signatures <xref
       linkend="b_XAdES"/>. XMLDSig is a general framework for digitally
       signing XML documents; XAdES extends XMLDSig for use with advanced
       and qualified electronic signatures as specified in European Union
       Directive 1999/93/EC. Use of XAdES is not limited to Europe, as it
       is being adopted by many countries outside the EU and, at the time
       of publication of this specification, it is undergoing
       standardization in ISO TC 154 [ISO/CD 14533-2]. One important
       benefit of XAdES is that the validity of electronically signed
       documents can be extended for long periods, longer than the
       expiration of the electronic certificates involved in signature
       verification and also if underlying cryptographic keys and
       algorithms security becomes inadequate.</para>

I don't understand the ending of the last sentence.  Could someone
please explain?

Second, regarding this paragraph:

       <para>It is important to note that XAdES and XMLDSig define
         digital signature processing rules and syntax but do not cover
         the implementation of security measures required for an AdES,
         which are out of scope for this document.  Implementation may
         depend on local regulations in place and specific provisions set
         by the authority issuing the certificates supporting the signature. The
         implementer has to determine the set of requirements that
         apply to the specific context of use and determine accordingly
         the suitability of the standards and the specific profiles to be
         used: an explicit advice is given to reference directly to any
         regulation applicable to the specific context of use.</para>

I don't understand the reference to "explicit advice."  Would it be
possible to get more detail here?

Best regards,

Jon

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]