Subject: Comment on individual report profile
Dear Detlef,

Looking at the document, I see the following structure:

IndividualReportType
  |
  +-- SignedObjectIdentifier
  |
  +-- Result
  |
  +-- Details

Then the text says that <DetailedSignatureReport> may appear within the Details for providing details of the signature. So far so good....

But I have some problems with the SignedObjectIdentifier. Section 3.3, for its <DigestAlgAndValue> child element, says:

"This element contains, if present, the hash value of the signature or validation data under consideration, where the signed object itself (e.g. the <ds:Signature>-element in case of an XML-signature according to [RFC3275], the SignedData-structure in case of a CMS-signature according to [RFC3852] or a time stamp according to [RFC3161], the Certificate- or CertificateList-structure in case of an X.509-certificate or CRL according to [RFC5280] or the OCSPResponse-structure in case of an OCSP-response according to [RFC2560] for example) serves as input for the hash-calculation. The structure of the DigestAlgAndValueType is defined in [XAdES]. This element SHOULD NOT be used if the unique identification can be guaranteed by other elements"

This text seems to me to indicate that the current specification foresees that this type may identify not only signatures (XML Sig or CMS) but also time-stamps, X.509 certs and CRLs, or even OCSP responses...

Now the document immediately starts making it clear that this element will serve to identify a signature, it goes through all the information that may be returned in a detailed report, and finally it is not until we reach 3.5.5 to 3.5.10 that we find a list of reports that may appear also qualified by an instance of this type..... and in the meantime the reader has found things like section 3.5.3.1 that uses ds:X509IssuerSerialType as identifier of the certificate, and section 3.5.3.3 uses XAdES:CRLIdentifierType for identifying CRLs, XAdES:OCSPIdentifierType for OCSP responses identifier....

I have one question and some comments:

1. Question: in which context would you say that an IndividualCertificateReport (the same applies to AttributeCertificate, CRL or OCSPResponse, not for IndividualTimeStamp as this protocol could also serve for getting detailed reports on a time-stamp, not on a signature) would appear? Section 3.5.5 defines this element, but I do not see anywhere any indication that it should appear in some Signature report.

2. Depending on the answer to this question, then we could think about moving sections 3.5.5 to 3.5.10 to another place ahead in the document?

Regards

Juan Carlos.