office-comment message


Subject: [OFFICE-3867] PAS Comment JP3: Earlier XmlDsig-Core edition referenced


The [xmldsig-core] reference in ODF 1.2 Part 3 is to the latest version of XML Signature Syntax and Processing (Second Edition).

COMMENT RECOMMENDATION

 1. There be no change to the treatment of XML Digital Signatures in ODF 1.2 Part 3 and in the mention in ODF 1.2 Part 1.

 2. Updating to XML Signature Syntax and Processing Version 1.1 be deferred to ODF 1.3.  At that time, reliance on DSig and XAdES conformance requirements by reference can be profiled more explicitly than in ODF 1.2 Part 3 and down-level compatibility considerations can be addressed more precisely.

RATIONALE

The XML Signature Syntax and Processing Version 1.1 specification is not identified as a later version of [xmldsig-core].

From the introduction of Version 1.1,

"Conformance-affecting changes of XML Signature 1.1 against [the Second Edition] previous recommendation mainly affect the set of mandatory to implement cryptographic algorithms, including Elliptic Curve DSA (and mark-up for corresponding key material), and additional hash algorithms."  

I note there are additional provisions concerning HMAC and use of ASN.1 encodings as well.

If normative reference is made to DSig Version 1.1, there will be a retroactive requirement on what consumers of ODF 1.2 digital signatures must accept.  This will also cloud the interpretation of the mandatory <dsig:document-signatures> dsig:version attribute. 

There are also extensive cross-references from ODF 1.2 Part 3 to specific passages in [xmldsig-core] (and [XAdES]), all requiring verification if there is substitution of a different reference.  


 -- Dennis E. Hamilton
    dennis.hamilton@acm.org    +1-206-779-9430
    https://keybase.io/orcmid  PGP F96E 89FF D456 628A
    X.509 certs used and requested for signed e-mail






