[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss-x] Re: [ESI] Attacks on PDF or ASiC
Hi Leonard, thank you for your warm welcome! Greetings, Andrreas > Just you as liaison... (though you can share the documents being developed with him to obtain feedback/comments) > > But absolutely glad to have their participation as well. > > Leonard > > ïOn 8/25/20, 1:57 PM, "dss-x@lists.oasis-open.org on behalf of Andreas Kuehne" <dss-x@lists.oasis-open.org on behalf of kuehne@trustable.de> wrote: > > Hi Andrea, > > > the OASIS DSS-X TC is active in the area of signature validation, too. > Our TC appreciates your effort to address the PAdES / ASiC effort and > would be happy to participate. > Is it possible for our TC to join the initiative? Our ist just me as the > OASIS/ETSI liasion? > > Greetings, > > Andreas > > Dear all, > > I have the impression that people agree that some work should be done, but it does not seem clear if the work should be done directly in PAdES / ASiC or in a validation document. > > I would suggest to have a call, to clarify what we want to do. I hope that during this call we can agree to the work items to be accepted which then can be send to remote consensus. > > > > I propose some dates here: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdoodle.com%2Fpoll%2Fei5ve8gfmw9exc8k&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=iv0Wby%2FQTQETYVMcJTrei8mAzcWsC%2BXjkoAm3GLZ9zg%3D&reserved=0 I chose dates in the afternoon so that Leonard might participate. > > For me the goal of the call would be to agree on the WI(s), not to solve all issues, thus I hope one hour will be sufficient. > > > > Best regards, > > > > > > [cid:image001.png@01D67A42.51779530]<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=5J2t%2FyGLJJS83Eb%2FGjNYXWD1uAV5HLFZh11la6PTEQI%3D&reserved=0> > > > > > > Andrea Rock > > R&D Engineer & Standardisation Expert > > [cid:image002.png@01D67A42.51779530] +33 6 61 47 21 41<tel:+33661472141> > > [cid:image003.png@01D67A42.51779530] andrea.rock@universign.com<mailto:andrea.rock@universign.com> > > [cid:image004.png@01D67A42.51779530] https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=5J2t%2FyGLJJS83Eb%2FGjNYXWD1uAV5HLFZh11la6PTEQI%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=5J2t%2FyGLJJS83Eb%2FGjNYXWD1uAV5HLFZh11la6PTEQI%3D&reserved=0> > > [cid:image005.png@01D67A42.51779530] @Universign<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FUniversign%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=FrfeSYpJJsSRBYBVtkIJ3h96kM4dkOw7M%2FTOc%2B455vI%3D&reserved=0> > > [cid:image006.png@01D67A42.51779530] Universign<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F89114%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=Q3Hoxky3nthbqpZfcapamoHsZii1bkj%2FA25spC9dPsU%3D&reserved=0> > > > > > > > > > > De : Electronic Signatures and Infrastructures <ESI@LIST.ETSI.ORG> De la part de Peter RybÃr > > Envoyà : Monday, August 24, 2020 4:06 PM > > à : ESI@LIST.ETSI.ORG > > Objet : Re: [ESI] Attacks on PDF or ASiC > > > > Dear Andrea, > > > > We can recreate the work on the SOPPED WORK ITEM > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.etsi.org%2Fwebapp%2FWorkProgram%2FReport_WorkItem.asp%3FWKI_ID%3D57410&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=wS1NVGgAkxzcr1hNTunKJ8gdxua011SGlM%2BnNd1c%2Ftk%3D&reserved=0 > > > > According to experiences of ASiC we can define: > > > > Scope and Field of Application: > > Amendment and restructuring of EN 319 162-1 and merging with part 2 to correct mistakes and improve readability and usability taking also in account feedback and suggestions from the stakeholders (e.g. previous ASiC plugtest participants). Analysis and possible implementation of proposals for updates submitted to ESI contains, e.g.: > > > > * It is possible to apply additional signatures or files to the ASiC after creation of one signature that will change the visual aspect of the signed documents. The ASiC validation service should at least warn the user that more than documents signed of one signer are included or unsigned documents are included in ASiC. > > * The proposed new common ASiC container has only one extension (*.asc) and is based on mime type file, supports ASiC-S, ASiC-E, improves file naming, removes restrictions defined for ASiC-S/E implementation and the file âASiCManifest.xmlâ is stored in internal CAdES object files (*.p7m) instead of external signatures (*.p7s) where many problems are identified with many âASiCManifest*.xmlâ file names. > > > > The common ASiC associates one or more file objects with: > > Â- zero, one or more CAdES signatures present within one or more CAdES object files (*.p7s) updated as (*.p7m); > > Â- zero, one or more XAdES signatures present within one or more signature files (*.xml); and > > Â- zero, one or more time assertions. > > > > > > Deputy Director COL Peter RybÃr > > Regulation and Supervision Department | NSA > > BudatÃnska 30 | 851 06 Bratislava | Slovak Republic > > tel.: +421 2 6869 2163| fax: +421 2 6869 1700 > > peter.rybar@nbu.gov.sk<mailto:peter.rybar@nbu.gov.sk> | https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nbu.gov.sk%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=DT3siBf9D%2BE1AlfjK%2FjUMWn7cr9E5JKv%2FwUL6HMX2iA%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nbu.gov.sk%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783966990&sdata=DT3siBf9D%2BE1AlfjK%2FjUMWn7cr9E5JKv%2FwUL6HMX2iA%3D&reserved=0> > > Free QES application qes.webnode.sk/en/ <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nbu.gov.sk%2Fen%2Ftrust-services%2Ftrusted-list%2Ftl-and-qes-applications%2Findex.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=jvHrPfNnorA1hsvLO3ikQ4vyrwFlAk97K2g8dEoEY3A%3D&reserved=0> > > > > From: Electronic Signatures and Infrastructures [mailto:ESI@list.etsi.org] On Behalf Of Andrea Caccia > > Sent: Monday, August 24, 2020 12:09 PM > > To: ESI@list.etsi.org<mailto:ESI@list.etsi.org> > > Subject: Re: [ESI] Attacks on PDF or ASiC > > > > I agree to have the approval before the next ESI so that the discussion can start earlier and the next ESI meeting could be a better opportunity to go into more details. > > I think however that some activity is needed to better clarify the scope. > > ASiC was mentioned since the beginning, then other formats were mentioned. Even if this is only a PAdES issue, it is about validation: is it better to create a new 102 part instead (especially if other formats are impacted)? Any impact on 102-1 and 2 on how to use this new standard? > > I'm suggesting to have an initial meeting before approving any NWI on this topic. > > > > Regards > > Andrea > > > > > > > > Il giorno 24 ago 2020, alle ore 11:48, Andrea Rock <andrea.rock@UNIVERSIGN.COM<mailto:andrea.rock@UNIVERSIGN.COM>> ha scritto: > > > > Great thanks Peter and Ignacio ! I updated the WI. For the moment I put myself as the rapporteur, just to be able to have everything filled in. If anyone else wants to take the place (Andrea Valle?) just tell me, thatâs fine for me. > > Best regards, > > > > > > <image007.png><https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=gSMff9O2m3tFDsCSxPbVZntA47%2FNgPFJAQDIrd3LRY0%3D&reserved=0> > > > > > > Andrea Rock > > R&D Engineer & Standardisation Expert > > <image008.png> +33 6 61 47 21 41<tel:+33661472141> > > <image009.png> andrea.rock@universign.com<mailto:andrea.rock@universign.com> > > <image010.png> https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=gSMff9O2m3tFDsCSxPbVZntA47%2FNgPFJAQDIrd3LRY0%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=gSMff9O2m3tFDsCSxPbVZntA47%2FNgPFJAQDIrd3LRY0%3D&reserved=0> > > <image011.png> @Universign<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FUniversign%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=1kezOpK4SCsGIyFUrI18zAdAb0buPQIiHr4ymqkwy0Y%3D&reserved=0> > > <image012.png> Universign<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F89114%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=X35HZB1R2ayixTc2nJ5B1Vc8n3IxvCjjLeXer0aKP6g%3D&reserved=0> > > > > > > > > > > > > De : Electronic Signatures and Infrastructures <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> De la part de Ignacio Alamillo > > Envoyà : Monday, August 24, 2020 11:16 AM > > à : ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG> > > Objet : Re: [ESI] Attacks on PDF or ASiC > > > > Logalty supports it. > > Enviado desde mi iPhone > > > > > > > > El 24 ago 2020, a las 10:26, Nick Pope <nick.pope@secstanassoc.com<mailto:nick.pope@secstanassoc.com>> escribiÃ: > > > > Are there two other ETSI members willing to support the work item in ESI(20)071_005r1<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FESI%2FESI%2F05-CONTRIBUTIONS%2F2020%2FESI&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=IarIOzFw6HLScZrJ%2BSRvEPorsIIUNBY6U5pOWELVxns%3D&reserved=0(20)071_005r1_New_WI_proposal_TS_119_142-4__PAdES_Validation__Critical_vis.zip>? > > Nick > > > > From: Electronic Signatures and Infrastructures <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> On Behalf Of Leonard Rosenthol > > Sent: 21 August 2020 20:07 > > To: ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG> > > Subject: Re: [ESI] Attacks on PDF or ASiC > > > > You forgot to include yourself in the list of supporting organizations ð. > > > > And I think itâs good enough to get this movingâ > > > > When is the next meeting? > > > > Leonard > > > > From: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> on behalf of Andrea Rock <andrea.rock@UNIVERSIGN.COM<mailto:andrea.rock@UNIVERSIGN.COM>> > > Reply-To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Date: Friday, August 21, 2020 at 12:16 PM > > To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Subject: Re: Attacks on PDF or ASiC > > > > OK, perfect. I submitted the WI proposal for the next meeting: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FESI%2FESI%2F05-CONTRIBUTIONS%2F2020%2FESI&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=IarIOzFw6HLScZrJ%2BSRvEPorsIIUNBY6U5pOWELVxns%3D&reserved=0(20)071_005_New_WI_proposal_TS_119_142-4__PAdES_Validation__Critical_vis.zip<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FESI%2FESI%2F05-CONTRIBUTIONS%2F2020%2FESI(20)071_005_New_WI_proposal_TS_119_142-4__PAdES_Validation__Critical_vis.zip&data=02%7C01%7Clrosenth%40ADOBE.COM%7Cd6b73ee7d5564ad34b6008d845ed8032%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637336233649513886&sdata=ftvLahQ3%2BGwt9ufd2cvcJwAXDi1WcPZgUUvkCqdvX5E%3D&reserved=0> > > > > The description is probably not perfect, but I hope it covers the idea. > > > > Best regards, > > > > > > <image001.png><https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783976987&sdata=gSMff9O2m3tFDsCSxPbVZntA47%2FNgPFJAQDIrd3LRY0%3D&reserved=0> > > > > > > > > Andrea Rock > > R&D Engineer & Standardisation Expert > > <image002.png> > > +33 6 61 47 21 41<tel:+33661472141> > > <image003.png> > > andrea.rock@universign.com<mailto:andrea.rock@universign.com> > > <image004.png> > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=D7QQ%2BIbv2yy0yq%2BG8%2FVZe58JB2%2FSntb0bG3cShsHkmI%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=D7QQ%2BIbv2yy0yq%2BG8%2FVZe58JB2%2FSntb0bG3cShsHkmI%3D&reserved=0> > > <image005.png> > > @Universign<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FUniversign%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=n9NxfsBc9oRo3S2GPhDLtFLS1q6JHStjhbvaEmInv%2Fc%3D&reserved=0> > > <image006.png> > > Universign<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F89114%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=%2BgCsa0F0tZkAc%2FceImkDDXzEcVIBkgpEarpwbf6rEeg%3D&reserved=0> > > > > > > > > > > > > De : Electronic Signatures and Infrastructures <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> De la part de Leonard Rosenthol > > Envoyà : Friday, August 21, 2020 6:01 PM > > à : ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG> > > Objet : Re: [ESI] Attacks on PDF or ASiC > > > > We would most certainly be willing/able to participate. > > > > Leonard > > > > From: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> on behalf of Andrea Rock <andrea.rock@UNIVERSIGN.COM<mailto:andrea.rock@UNIVERSIGN.COM>> > > Reply-To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Date: Friday, August 21, 2020 at 11:55 AM > > To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Subject: Re: Attacks on PDF or ASiC > > > > Dear Leonard, > > If you agree, I can suggest a WI on this for the next ESI meeting. This could be a new document (TR 119 142-4 ??). But it would be great if you or Andrea would have time to help on this topic. > > Best regards, > > > > > > <image007.png><https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=D7QQ%2BIbv2yy0yq%2BG8%2FVZe58JB2%2FSntb0bG3cShsHkmI%3D&reserved=0> > > > > > > > > Andrea Rock > > R&D Engineer & Standardisation Expert > > <image008.png> > > +33 6 61 47 21 41<tel:+33661472141> > > <image009.png> > > andrea.rock@universign.com<mailto:andrea.rock@universign.com> > > <image010.png> > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=D7QQ%2BIbv2yy0yq%2BG8%2FVZe58JB2%2FSntb0bG3cShsHkmI%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=D7QQ%2BIbv2yy0yq%2BG8%2FVZe58JB2%2FSntb0bG3cShsHkmI%3D&reserved=0> > > <image005.png> > > @Universign<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FUniversign%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783986984&sdata=n9NxfsBc9oRo3S2GPhDLtFLS1q6JHStjhbvaEmInv%2Fc%3D&reserved=0> > > <image006.png> > > Universign<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F89114%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=ZDq3qjM89lAa4qKsugo5NR0SwofnIeKXEYjrn0ezV7U%3D&reserved=0> > > > > > > > > > > > > De : Electronic Signatures and Infrastructures <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> De la part de Leonard Rosenthol > > Envoyà : Friday, August 21, 2020 3:38 PM > > à : ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG> > > Objet : Re: [ESI] Attacks on PDF or ASiC > > > > There is a newly started working group in ISO TC171 SC 2 WG8, focusing on advancing crypto and DigSig in PDF. There are a set of new proposals around updated algos & other improvements on their way. > > > > However, currently that group is not working on any related to validation â but I think that given recent issues and this particular thread â it would be a worthwhile endeavor! > > > > That would then leave a question about where to do the work (ISO vs. ETSI) and then how to do the work, given COVID. But I welcome kicking off the discussion. > > > > Leonard > > > > From: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> on behalf of Andrea Rock <andrea.rock@UNIVERSIGN.COM<mailto:andrea.rock@UNIVERSIGN.COM>> > > Reply-To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Date: Friday, August 21, 2020 at 4:15 AM > > To: esi esi <ESI@LIST.ETSI.ORG<mailto:ESI@LIST.ETSI.ORG>> > > Subject: Re: [EXTERNAL] Re: [ESI] Attacks on PDF or ASiC > > > > Dear Leonard and all, > > During the plugtest, we had the discussion if a PAdES validation service should consider only check the plein signature or not. Some stated that the pure validation should only be on the signature. I think it should be important to give at least a warning or fail if the visual effect was changed. In our solution we have implemented our own checks. > > You said that signature validation implementations have a common (but *not* standardized) model for validation. Is this model written down somewhere? > > Personally I think it would be nice to have some recommendations on what is problematic and what not. Is there any work going on in this direction? > > Best regards, > > > > > > <image011.png><https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=eC03p53cQBYygjktWF8HXBzuBPrqk1%2FTNU7OqyuMSw4%3D&reserved=0> > > > > > > > > Andrea Rock > > R&D Engineer & Standardisation Expert > > <image012.png> > > +33 6 61 47 21 41<tel:+33661472141> > > <image013.png> > > andrea.rock@universign.com<mailto:andrea.rock@universign.com> > > <image014.png> > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=eC03p53cQBYygjktWF8HXBzuBPrqk1%2FTNU7OqyuMSw4%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.universign.com%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=eC03p53cQBYygjktWF8HXBzuBPrqk1%2FTNU7OqyuMSw4%3D&reserved=0> > > <image005.png> > > @Universign<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwitter.com%2FUniversign%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=dGrGymN5ANccZ7jIM9QYREsk8MbsiC%2B7cyGnsxAwYZA%3D&reserved=0> > > <image006.png> > > Universign<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F89114%2F&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=ZDq3qjM89lAa4qKsugo5NR0SwofnIeKXEYjrn0ezV7U%3D&reserved=0> > > > > > > > > > > > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=ZmDktIuShGDgkFBUa6jPf%2FcyiBiMrF8usbAbEdnHVuc%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750783996980&sdata=ZmDktIuShGDgkFBUa6jPf%2FcyiBiMrF8usbAbEdnHVuc%3D&reserved=0> > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0> > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0> > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0> > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0 > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0 > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0 > > ________________________________ > > ________________________________ > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784006976&sdata=7Do7k9EpIIbAYIU4sWtxc0m%2BiiNwHIEI%2F2vcMO4QfXE%3D&reserved=0 > > ________________________________ > > > > ________________________________ > > > > Mail archive for ESI can be browsed at the following url: > > > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784016973&sdata=LKY%2Bv7HzB3ZNLCT4%2F08SXidcnoJJ8z7SSZtRs%2BakwW8%3D&reserved=0 > > > > ________________________________ > > ________________________________ > > > > Mail archive for ESI can be browsed at the following url: > > > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784016973&sdata=LKY%2Bv7HzB3ZNLCT4%2F08SXidcnoJJ8z7SSZtRs%2BakwW8%3D&reserved=0 > > > > ________________________________ > > > > ------------------------------------------------------------------- > > Mail archive for ESI can be browsed at the following url: > > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flist.etsi.org%2FESI.html&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784016973&sdata=LKY%2Bv7HzB3ZNLCT4%2F08SXidcnoJJ8z7SSZtRs%2BakwW8%3D&reserved=0 > > ------------------------------------------------------------------- > > > -- > Andreas KÃhne > > Chair of OASIS DSS-X > > phone: +49 177 293 24 97 > mailto: kuehne@trustable.de > > Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 > > Director Andreas KÃhne > > Company UK Company No: 5218868 Registered in England and Wales > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&data=02%7C01%7Clrosenth%40adobe.com%7C55086e293d974b54716308d849206574%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637339750784016973&sdata=RpVHNwLV54C4C6LZAORWrjlFtuBn51lBZavibO1BDVs%3D&reserved=0 > > -- Andreas KÃhne Chair of OASIS DSS-X phone: +49 177 293 24 97 mailto: kuehne@trustable.de Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas KÃhne Company UK Company No: 5218868 Registered in England and Wales
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]