OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Validation semantics of time-stamping

Nick
I agree with John.

Concerning to your question... I have some difficulties in understanding 
the motivation. Could you please to give us something like a 
kind of scenario description?

What I may answer before you further explain is that when somebody
recieves a dss verification response with an updated signature to a request
requesting verification of the signature, the response itself gives this kind
of information.

What I have in mind is something like:

The relying party "A" receives a signature or even a XAdES signature with 
<xades:SignatureTimeStamp> element including the time-stamp on the
signature itself. 

"A" requests the dss server implementing XAdES profile to verify and update
the signature. Update may perfectly mean to get as much validation information
as possible, and then generate a time-stamp on that. 

If the server does not gain access to all the revocation information, it
returns
the corresponding response indicating that the signature was not verified
because
this lack. So the response already contains the information you request:
within
the response there is a time-stamp and there is the indication that the
signature
could not be completely verified.

If the server may gain access to all the revocation information and
everything is
OK, then the response says that the signature was verified and the time-stamp 
added was certainly added after the verification of the signature.

What it seemed not clear for everybody is the case of an unsuccessful
validation.

In summary, if "A" requests verification and updating to a form including a
time-stamp,
the response itself contains the answer to your question.

Juan Carlos.
> - Is there something that can be added to the XAdES profile or some part of
>DSS to enable a party relying on an old signature to be know if the
>time-stamp was applied immediately subsequent to successful validation?
>
>Nick
>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the
>OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php
>.
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php.
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]