OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2670) 4 - digitalsignatures, certificate chain

    [ http://tools.oasis-open.org/issues/browse/OFFICE-2670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21546#action_21546 ] 

David LeBlanc commented on OFFICE-2670:

This is already covered under my proposed changes to the dsig area. The proposed dsig spec says that the full cert chain may be placed in either KeyInfo or the CertificateValues element, as both XmlDSig and XAdES provides.

> 4 - digital signatures, certificate chain
> -----------------------------------------
>                 Key: OFFICE-2670
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2670
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: ODF 1.2 Part 3 CD 1
>            Reporter: Bart Hanssens
>             Fix For: ODF 1.2 CD 06
> See mailing list on whether or not to include certificate chain
> http://lists.oasis-open.org/archives/office/201005/msg00081.html
> My suggestion would be putting the chain it in ds:KeyInfo, with the signing certificate
> first (not required per spec, but expected by many implementations)
> XAdES says this about CertificateValues:
> "... CertificateValues element contains the full set of certificates that have been used
> to validate the electronic signature, including the signer's certificate. However, it is
> not necessary to include one of those certificates into this property, if the certificate
> is already present in the ds:KeyInfo element of the signature.
> If CompleteCertificateRefs and CertificateValues are present, all the certificates
> referenced in CompleteCertificateRefs MUST be present either in the ds:KeyInfo
> element of the signature or in the CertificateValues property element."

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]