OASIS Mailing List Archives

dss-comment message



Subject: Re: Processing for RFC 3161 Timestamps on XML Signatures - resent


Inma,

Thanks again for your comment.

It is our belief that the full XAdES profile does not need to be
adapted to implement the <xades:SignatureTimeStamp>. Rather than
define our own schema elements, the policy is to adopt existing definitions
wherever possible.

In the case of CMS the situation is different in that we are adopting an
existing usage for encoding signature timestamps that is defined in an annex
to RFC 3161.

Regards

Nick Pope
Co-chair - DSS TC

Subject: Processing for RFC 3161 Timestamps on XML Signatures

From: Inma Marín López <inma@dif.um.es> 
To: <dss-comment@lists.oasis-open.org> 
Date: Fri, 1 Dec 2006 15:34:02 +0100 

--------------------------------------------------------------------------------

Hello,

Regarding the processing for RFC3161 Timestamp on XML Signatures (section
3.5.2.3 in Draft v5 - OASIS DSS Core Specification), it is said that "If the
type attribute in this optional input is urn:ietf:rfc:3161 and [...] the XML
Signature MUST contain an RFC3161, placed in a <xades:EncapsulatedTimeStamp>
within a <xades:SignatureTimeStamp>". Does it mean that the XAdES profile
has to be supported by the service? However, XAdES is an extension to
XMLDSig that does not have to be supported by every client. On the other hand,
have you considered following the same approach as CMS Signatures? I mean
maybe the RFC3161 Timestamp could be added to the signature as an unsigned
property in (or similar to) the following way:

<ds:Signature Id="signature1">
    ....
    <ds:Object>
        <ds:SignatureProperties>
            <ds:SignatureProperty Target="#signature1">
                <dss:Timestamp xmlns:dss="urn:oasis:names:tc:dss:1.0:core:schema">
                    <dss:RFC3161TimeStampToken>MIICFwY...N3tI=</dss:RFC3161TimeStampToken>
                </dss:Timestamp>
            </ds:SignatureProperty>
        </ds:SignatureProperties>
    </ds:Object>
</ds:Signature>


I do not know if this is possible, but I thought it is an alternative to
the XAdES approach.

Could you be so kind as to tell me your expert opinion, please?

Thank you very much in advance.


Inma.
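
The two placements discussed in this thread, shown from the side of a consumer that has to locate the token: an added example, not code from either message or from the DSS specification. The XAdES 1.3.2 namespace URI, the function names and the stand-in token bytes are assumptions made for the illustration.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#",  # assumption: XAdES 1.3.2
      "dss": "urn:oasis:names:tc:dss:1.0:core:schema"}
# (placement label, container under ds:Signature, token path inside the container)
PLACEMENTS = [
    ("xades", "ds:Object/xades:QualifyingProperties",
     "xades:UnsignedProperties/xades:UnsignedSignatureProperties/"
     "xades:SignatureTimeStamp/xades:EncapsulatedTimeStamp"),
    ("signature-property", "ds:Object/ds:SignatureProperties/ds:SignatureProperty",
     "dss:Timestamp/dss:RFC3161TimeStampToken")]

def _decode(text):
    # Strict base64 decode, then a cheap sanity check that the content is DER.
    der = base64.b64decode("".join((text or "").split()), validate=True)
    if not der or der[0] != 0x30:  # TimeStampToken is a CMS ContentInfo SEQUENCE
        raise ValueError("content is not a DER SEQUENCE")
    return der

def find_rfc3161_tokens(signature_xml):
    """Return [(placement, der_bytes)] for tokens bound to this ds:Signature."""
    sig = ET.fromstring(signature_xml)
    if sig.tag != "{%s}Signature" % NS["ds"] or not sig.get("Id"):
        raise ValueError("expected a ds:Signature with an Id")
    found = []
    for placement, container_path, token_path in PLACEMENTS:
        for container in sig.findall(container_path, NS):
            # Ignore properties whose Target names some other signature.
            if container.get("Target") != "#" + sig.get("Id"):
                continue
            found += [(placement, _decode(t.text))
                      for t in container.findall(token_path, NS)]
    return found

# Constructed sample data: a 5-byte DER SEQUENCE stands in for a real token.
FAKE_DER = b"\x30\x03\x02\x01\x01"
B64 = base64.b64encode(FAKE_DER).decode()
WRAP = ('<ds:Signature Id="signature1" xmlns:ds="%s" xmlns:xades="%s" xmlns:dss="%s">'
        '<ds:Object>%%s</ds:Object></ds:Signature>' % (NS["ds"], NS["xades"], NS["dss"]))
XADES_SAMPLE = WRAP % (
    '<xades:QualifyingProperties Target="#signature1"><xades:UnsignedProperties>'
    '<xades:UnsignedSignatureProperties><xades:SignatureTimeStamp>'
    '<xades:EncapsulatedTimeStamp>' + B64 + '</xades:EncapsulatedTimeStamp>'
    '</xades:SignatureTimeStamp></xades:UnsignedSignatureProperties>'
    '</xades:UnsignedProperties></xades:QualifyingProperties>')
PROPERTY_SAMPLE = WRAP % (
    '<ds:SignatureProperties><ds:SignatureProperty Target="#signature1">'
    '<dss:Timestamp><dss:RFC3161TimeStampToken>' + B64 + '</dss:RFC3161TimeStampToken>'
    '</dss:Timestamp></ds:SignatureProperty></ds:SignatureProperties>')
```

The function only locates and decodes tokens; it does not validate the timestamp token itself or check what the token covers.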


