OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Digital Signature proposal

Title: Re: [office] Digital Signature proposal
I would highly recommend using government requirements for compliancy.  Things like FIPS are often pre-requisites to use by these end users and they need confidence to know that Dsig can be counted on if implementations claim conformancy. I would go as far as to maybe set up a Sub Committee to write a test that a conforming application must pass (such as changing one byte and requiring the signature digest to report that the document has been changed, being able to authenticate and determine a digital cert is still valid etc.).


On 31/07/08 11:41 AM, "Dave Pawson" <dave.pawson@gmail.com> wrote:

2008/7/31 Bob Jolliffe <bobjolliffe@gmail.com>:
> I am not sure exactly how one should define conformance in this context.  I
> don't think we are saying anywhere that an application has to *necessarily*
> be able to generate or validate signatures to be compliant.  I believe there
> are many odf applications out there which don't do either of these.   I
> guess this is a difference between formal compliance and semantic
> compliance.

So if it's not supported, is the application compliant?
If it's an optional feature, and an application supports dig sig
then it may be compliant.
Ditto if it supports XAdES it may be compliant.

If it supports digSig but not XAdES is it compliant or not? I'd suggest not.
( I noted a 'may' in the last email). That leaves the app able to work
with digsig but not with XAdES signatures. An interop hell if anyone cares.

The spec must have a clause for which a compliance statement can
be made clearly and without ambiguity. 'may use an extension' doesn't
seem like clear compliance to me.


Dave Pawson

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

Senior Technical Evangelist - Adobe Systems, Inc.
Duane's World TV Show - http://www.duanesworldtv.org/
Blog - http://technoracle.blogspot.com
Community Music - http://www.mix2r.com
My Band - http://www.myspace.com/22ndcentury
Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]