[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] issues document
I see that the email sent by Ed does not only analyze the document asymmetry issue, but also the timestamping issue.
I know there was a strong decision in the TC about not treating timestamping as a standalone "first-class citizen" (i.e. a protocol like sign or verify). Maybe this was due to the fact that technically, timestamping is also related with creating a signature. I think this decision should be revised for the next major version of the document (maybe v2) for the following reasons
*Timestamping is semantically a different thing from generating a signature (it is a first level "use-case", and final users know the difference between "signing" and "timestamping"). When I want to timestamp something (including a signature), I don't want the server to "create a signature over a TSTInfo with the TSA key that ....", I really want to "timestamp" something).
*Timestamping is a core functionality, and should be included, IMHO, along with the core functionality, in the DSS core spec.
*Ignoring the semantic difference between signing and timestamping is giving us real problems in the spec
a) Having to "bury" this distinction admitting there is a "two scenarios" in the AddTimestamp optional input (3.5.2)
b) Having problems to differentiate when the user is requesting that the timestamp is to be added over
1) the existing signature passed within the input documents (not creating a new signature as in the rest of the cases of SignRequest -- that's timestamping, not signing -- note that this breaks the design "rule" of "signrequest is for creating signatures") or
2) over a new signature being created (over the signature passed in the input documents) as a result of the SignRequest (taking some text from Ed's mail "signing a signature is like signing any other document").
For me, this is resolved saying that b.2) is the behaviour of using SignRequest when passing a signature as an input document (you want to sign a signature) and b.1) is the behaviour of using TimestampingRequest (in the case that a signature is passed in the signature object -- signature timestamping).
Please see http://lists.oasis-open.org/archives/dss/200607/msg00034.html
(section 5.c.vi) for more details.
Regards
Carlos
On Wed Aug 30 2:43 , "Ed Shallow" sent:
@page Section1 {size: 595.3pt 841.9pt; margin: 70.85pt 3.0cm 70.85pt 3.0cm; mso-header-margin: 35.4pt; mso-footer-margin: 35.4pt; mso-paper-source: 0; } P.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman" } LI.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman" } DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline; text-underline: single } SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline; text-underline: single } A:visited { COLOR: purple; TEXT-DECORATION: underline; text-underline: single } SPAN.MsoHyperlinkFollowed { COLOR: purple; TEXT-DECORATION: underline; text-underline: single } SPAN.EstiloCorreo17 { COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal; mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; mso-bidi-font-size: 10.0pt; mso-ascii-font-family: Arial; mso-hansi-font-family: Arial; mso-bidi-font-family: Arial } SPAN.EstiloCorreo18 { COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply; mso-style-noshow: yes; mso-ansi-font-size: 10.0pt; mso-bidi-font-size: 10.0pt; mso-ascii-font-family: Arial; mso-hansi-font-family: Arial; mso-bidi-font-family: Arial } DIV.Section1 { page: Section1 } OL { MARGIN-BOTTOM: 0cm } UL { MARGIN-BOTTOM: 0cm }I remember a similar debate back in 2004 between Trevor and I. Back then I argued for a collapse of selected elements to address this asymmetry. Point is it never got addressed.Ed
From: Carlos Gonzalez-Cadenas [mailto:gonzalezcarlos@netfocus.es]
Sent: August 29, 2006 9:36 AM
To: 'DSS TC List'
Subject: [dss] issues documentAll,
IR17;ve made some proposals that I think should be considered in the “DSS Issues Document”
- SignatureObject and InputDocuments Asymmetry: http://lists.oasis-open.org/archives/dss/200607/msg00011.html
- TimestampingRequest/TimestampingResponse for generating timestamps in the core (including the functionalities of signature timestamping that are now inside SignRequest/SignResponse and the standalone timestamp creation in the Timestamping Profile): http://lists.oasis-open.org/archives/dss/200607/msg00034.html (section 5.c.vi)
I have some more functionality to consider for the future, but I think it’s more appropriate to wait until the final 1.0 spec is released
Regards
Carlos
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]