[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: <dss:VerificationTime>
Background to <dss:VerificationTime> issue as discussed at yesterdays call is: A) public comment from inma@dif.um.es April 21, 2006 8:40 AM http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200604/msg00 029.html Which asked: I have a question regarding <dss:VerificationTime> element. In the specification it is said that this element "instructs the server to determine the signature's validity at the specified time, instead of the current time". How is this verification, taking into account the verification time, accomplished? I suppose that, once the server has checked that the signature is valid, he checks the signing certificate validation by considering the verification time. But, what happens if the signature has a timestamp token? should that timestamp token be checked taking into account the verification time, too? B) Subsequently Ed's comments the following issues were identified: http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200605/msg00 004.html > > 39) line 1656: "instead of the current time" implies that the DSS > > implementation always uses the current time by default. What if "SigningTime" is present in the signature ? This optional input element needs to be re-written to reflect questions fielded from the public review. >> 40) line 1747: a note should be made that qualifies the 3rd party's ability to attest to the SigningTime (i.e. only content Timestamps applied before signature creation should result in the ThirdPartyTimestamp boolean being turned on, since a signature Timestamp may be applied months after SigningTime.) C) Discussion on the list on this subject: RE: [dss] wd-42 errors - <dss:VerificationTime> included proposals from Nick http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200605/msg0 0020.html and Carlos http://www.oasis-open.org/apps/org/workgroup/dss/email/archives/200605/msg0 0015.html on how to resolve the issue D) Concern was raised by Konrad at the DSS call that the discussion on vertification was getting into complex areas which required features defined outside the code such as more relevant to the XAdES/CAdES profile. In particular, her was concerned of the need to collect old recovation status information was not practical in a simple implmentation of the Core. It is suggested that a Skype call be convened to address this issue tommorrow (wednesday) afternoon (EU Time), morning Nth American time attendees to include: - Konrad - Ed - Juan Carlos - Nick - Carlos González-Cadenas If those wanting to contribute put proposals for the way forward before this call this would be welcome. Nick Pope & Juan Carlos
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]