Subject: Text as required by action 06-06-05-02
Dear all,

According to what we agreed in our last conf call, below follow proposals for changes in the core so that signature time-stamps in XML management refer to XAdES. While re-reading the related parts I have also noticed some things that I think should be changed. Below follows the list of things that I propose we should change. There are references to line numbers and sections. After that I make a cross-check with some of the comments raised in the public comments list so that we can agree whether they are suitably treated by the proposed text.

Please note that I am working on CD 4 document.

------------------------------------
1. Section 3.5.2 line 1025. Page 26.

Original text: "In particular the DSS XAdES profile [DSS-XAdES-P]..."

Proposed text: "In particular the DSS AdES profile [DSS-AdES-P]..."

RATIONALE: The title of the profile has actually changed to AdES as it contains details for XAdES and CAdES signatures. The reference itself should also be changed. See note for change at the end of the list.

-------------------------------------
2. Section 3.5.2 line 1038. Page 26

Original text: "Two scenarios for the timestamping of CMS sigantures are supported...."

Proposed text: "Two scenarios for the timestamping of both CMS and XML sigantures are supported...."

RATIONALE: Certainly the core is supporting the timestamping of both types of signatures. Not mentioning the XML signature would be misleading.

-------------------------------------
3. Section 3.5.2.2 lines 1068 to 1072 page 27

Proposal. Substitute the whole paragraph from these lines to the following one:

"The present specification defines a format for XML timestamp tokens. In addition XAdES defines a mechanism for incorporating signature timestamps in XML signatures. The present document mandates that signature timestamps in XML format MUST follow the syntax defined in section 5.1 of this document. These time-stamp tokens MUST be added to XML signatures as specified by XAdES."

RATIONALE: This text clearly indicates our resolution, i.e.:
. Any XML time-stamp over the signature is created, MUST follow the syntax that we define;
. Incorporation must be as specified in XAdES.

-------------------------------------
4. Section 3.5.2.2 line 1078, page 27

Original text: "urn:ietf:rfc:3275"

Proposed text: "urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken"

RATIONALE: I think that the previous value was a mistake: it identified an XML signature, not the XML time-stamp token, as it must do.

-------------------------------------
5. Section 4.3.2 line 1524 page 37

Original text: "XML signature timestamp tokens"

Proposed text: "XML time-stamps tokens on XML sigantures."

RATIONALE: Actually the case that we are dealing with is the signature time-stamp token in XML syntax for XML signatures, and the former text was not completely clear on what was XML: the signature, the time-stamp or both. I think that the proposed text is clearer.

-------------------------------------
6. Section 4.3.2 line 1528, page 37

Original text: "the DSS XAdES profile defines"

Proposed text: "the DSS AdES profile [DSS-AdES-P] defines"

RATIONALE: As in proposal 1.

-------------------------------------
7. Section 4.3.2.2 line 1556 page 38

Original text: "Processing for XML timestamp tokens"

Proposed text: "Processing for XML time-stamps tokens on XML sigantures."

RATIONALE: In the line of what I said in proposal 6.

-------------------------------------
8. Section 4.3.2.2 line 1157, page 38

Original text: "The present setion describes the processing rules for verifying and XML Signature timestamp token embedded within an XML signature as an unsigned property."

Proposed text 1 : "The present setion describes the processing rules for verifying and XML Signature timestamp token embedded within an XML signature using the incorporation mechanisms specified in XAdES."

Proposed text 1 : "The present setion describes the processing rules for verifying and XML Signature timestamp token embedded within an XML signature using the incorporation mechanisms specified in XAdES (i.e., in the <xades:XMLTimeStamp> <xades:SignatureTimeStamp> element's child )."

RATIONALE: As agreed, explicit mention to XAdES as for how the XML time-stamp must come within the XML signature. The only doubt I have is about the degree of detail. That is why there are two proposed texts, being the second more detailed, as it explicitly mentions where the XML time-stamp token will appear... We can talk on them in the conf call.

A. PROPOSALS FOR CHANGES

-------------------------------------
9. Section 4.3.2.2 line 1573, page 38

Original text: "Verify that one of the <ds:Reference> element has ...."

Proposed text: "Verify that one of the <ds:Reference> elements has ...."

RATIONALE: It must be plural.

-------------------------------------
10. Section 4.3.2.2 line 1585 to 1592, page 39

Original text: the whole steps 7 and 8

Proposed text:
"7. Take each of the other <ds:Reference> elements and for each one proceed to its validation as specified in [XMLSig].
8. Check that for one of the <ds:Reference> elements the retrieved data object is actually the <ds:SignatureValue> element and that it contains its digest after canonicalization.
9. Set the <dss:Result> element as appropiate"

RATIONALE: The former text was inconsistent with the text in 1571, where we said "the <ds:SignedInfo> contains at least two <ds:Reference> elements". Former step 7 began "Take the other <ds:Reference>" when there could actually be more than one.

ADDITIONAL ISSUE: I would like to bring your attention to the proposed text in step 8. I tried to say that one of the <ds:Reference> elements must contain the digest of the canonicalized <ds:SignatureValue> value. Do you think that the writing is accurate and clear enough?

-------------------------------------
11. Section 8, Line 2051. Page 24.

Original text: "[DSS-XAdES-P] JC cruellas et al. DSS XAdES Profile. OASIS, April 2006"

Proposed text: "[DSS-AdES-P] JC cruellas et al. "Advanced Electronic Signature Profiles of the OASIS Digital Signature Service" "

B. CROSS-CHECK WITH COMMENTS:

-------------------------------------
1. COMMENT BY INMA MARIN OF MAY 16TH.

She says "there is no indication on how a <SignRequest> should be created so as to get the timestamping of an existing XML signature from the DSS server".

a. Line 1038 in 3.5.2, changed as suggested in proposal 2, would read "Two scenarios for the timestamping of both CMS and XML sigantures are supported...." It is pretty clear now that the core actually supports XML signatures timestamping.

b. Lines 1075 to 1077 (untouched) read "In scenario b) the incoming signature MUST be passed in on one of the following three elements <EscapedXML>, <InlineXML> or <Base64XML>". This instructs readers on how to include the XML signature in the request.

c. New line 1077-1078 changed as suggested in proposal 4 will read: "The Type attribute of the <AddTimeStamp> optional input SHALL be set to: urn:oasis:names:tc:dss:1.0:core:schema:XMLTimeStampToken". There was a wrong URI here, the one of XMLSig, which contributed to increase confusion here....

I think that with the two highlighted changes it should be pretty clear how to request an XML timestamp on an XML signature.

Regards
Juan Carlos.
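
Added example, not part of the e-mail above and not code from the DSS specification: a sketch of the check in proposed step 8, where one `<ds:Reference>` of the time-stamp token must retrieve the `<ds:SignatureValue>` element and carry its digest after canonicalization. Assumptions: the function names and the sample data are constructed for illustration, the reference addresses the element by an `Id` attribute, and the standard library's C14N 2.0 stands in for whichever canonicalization the token declares; validating the token's own signature and its other references (step 7) is left to an XMLSig library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1, SHA256: hashlib.sha256}
ET.register_namespace("ds", DS)  # keep the ds: prefix when re-serializing

def c14n_digest(elem, alg_uri):
    """Base64 digest of elem after canonicalization.
    Assumption: stdlib C14N 2.0 stands in for the token's declared transform."""
    canon = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return base64.b64encode(DIGESTS[alg_uri](canon.encode("utf-8")).digest()).decode()

def covers_signature_value(signature, token_signed_info):
    """Proposed step 8: one ds:Reference of the time-stamp token must retrieve
    the signature's ds:SignatureValue and carry its digest."""
    refs = token_signed_info.findall(f"{{{DS}}}Reference")
    sig_value = signature.find(f"{{{DS}}}SignatureValue")
    if len(refs) < 2 or sig_value is None or not sig_value.get("Id"):
        return False  # token needs at least two references, target needs an Id
    for ref in refs:
        if ref.get("URI") != "#" + sig_value.get("Id"):
            continue  # retrieves another data object; validated under step 7
        method = ref.find(f"{{{DS}}}DigestMethod")
        alg = method.get("Algorithm") if method is not None else None
        stated = ref.findtext(f"{{{DS}}}DigestValue", default="").strip()
        if alg in DIGESTS and stated == c14n_digest(sig_value, alg):
            return True
    return False

def make_sample(tamper=False):
    """Constructed signature and token SignedInfo (not real signed data)."""
    sig = ET.fromstring(f'<ds:Signature xmlns:ds="{DS}">'
                        '<ds:SignatureValue Id="sv-1">AAECAwQF</ds:SignatureValue></ds:Signature>')
    sv = sig.find(f"{{{DS}}}SignatureValue")
    digest = c14n_digest(sv, SHA256)
    if tamper:
        sv.text = "BAECAwQF"  # signature value changed after time-stamping
    ref = ('<ds:Reference URI="{}"><ds:DigestMethod Algorithm="' + SHA256 +
           '"/><ds:DigestValue>{}</ds:DigestValue></ds:Reference>')
    info = ET.fromstring(f'<ds:SignedInfo xmlns:ds="{DS}">' + ref.format("#tst-info", "AAAA")
                         + ref.format("#sv-1", digest) + "</ds:SignedInfo>")
    return sig, info
```

A `False` result here corresponds to a failure that step 9 would report in `<dss:Result>`.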