OASIS Mailing List Archives

ubl-security message



Subject: Re: [ubl-security] Draft 10 of the UBL Digital Signature Profile for review


Hi Julian,
thank you for your comment. You are right about this change in X.509 but, on the other hand, non-repudiation is still in wide use, including in CAdES and XAdES, our normative references. I think we cannot delete it but we can use both to help a reader that is aware of the new term.
I went through the document and I found different places where non-repudiation is used, and I think these changes solve the issue.

Page 5: XAdES contains several modules that permit various levels of security, such as non-repudiation with timestamps and long-term signature verification
--> XAdES contains several modules that permit various levels of security, such as content commitment and non-repudiation enforcement with timestamps and long-term signature verification

Page 11: Non-repudiation (or content commitment): the document signer cannot deny ...
--> Non-repudiation / content commitment: the document signer cannot deny…

Page 13: XAdES-T, where a timestamp is added to enforce non-repudiation and as a proof of anteriority. This envelope allows ascertaining the validity of a signature in case the signer certificate is later revoked;
--> XAdES-T, where a timestamp is added to enforce content commitment and as a proof of anteriority. This envelope allows ascertaining the validity of a signature in case the signer certificate is later revoked;

Page 13: Business requirements. A digital signature can reduce the risks associated with a business transaction (e.g., non-repudiation of a commercial order, proof-of-origin and integrity of an invoice)...
--> Business requirements. A digital signature can reduce the risks associated with a business transaction (e.g., content commitment of a commercial order, proof-of-origin and integrity of an invoice)…

I kindly ask Jon to apply these changes (after checking the English…) while thanking him for his patience.

Andrea

On 24 Apr 2011, at 18:43, Julián Inza wrote:

Dear friends,

I would suggest changing the term "non repudiation" to "content commitment" (see RFC 5280, ITU-T X.509 Corrigendum 3 (04/2004), and the new, post-2004, X.509 (2008-11)) on page 2.

Best regards


Julian Inza Aldaz
President
Grupo Interactiva.

www.ateneainteractiva.com · www.albalia.com · www.eadtrust.net
blog.inza.com · julian.inza@interactiva.com.es
+34 91 7160 555 · +34 902 365 612


This e-mail message could contain CONFIDENTIAL INFORMATION property of
Grupo Interactiva. If received by mistake, please ignore it, delete it and notify the sender. Your personal information can be added to a relationships file (that can include marketing information) at any of the companies of Grupo Interactiva, where you can exercise your rights to access, rectify or cancel your data according to Spanish Organic Law 15/1999. You are authorised to use personal data of the signer of this message as long as there is a way to exercise the aforementioned rights by the sender.

On 18/04/2011 0:15, Andrea Caccia wrote:
Sorry for this long delay, I attach here a PDF with comments, deleted (barred) and added text (in red). It addresses also Ken's question.
Thank you for all the corrections and fixes.

Andrea
On 12 Apr 2011, at 16:17, Jon Bosak wrote:
Hello Andrea,

Have you had a chance to look at Ken's question yet?

Jon

Andrea Caccia wrote:
I apologize too for not reacting yet, I'll do so by the end of this week.
Andrea
On 04 Apr 2011, at 03:12, G. Ken Holman wrote:
At 2011-03-19 21:49 -0400, Jon Bosak wrote:
Please review this new draft carefully, keeping in mind that the editor
(me) has very little knowledge of digital signature technology and can
easily introduce technical errors in the process of working with the
language.
I found something I didn't see before: Both the Terms and Definitions
(1.1.1) and section 2.2 make reference to an enveloping signature,
yet we don't provide a profile for such.  Should we explicitly
acknowledge (perhaps in section 2.4) that we are not providing a
profile for such (so the reader realizes nothing is inadvertently
missing), or change the existing text to say something along the
lines of "Two of the ways an XML Signature may be described are as
detached and enveloped."?  It might be enough that in 2.4 we already
say "specifies two profiles..." so the reader knows nothing is
missing.

This document is intended to form part of UBL 2.1 and will be included
in UBL 2.1 PRD2.  In order to keep to our projected schedule for PRD2, I
am setting a one-week review cycle for the draft attached.  If any
member of the Security SC sees something that needs to be corrected or
added to this draft, please register the change to this mail list before
COB Sunday 27 March 2011.
Please forgive me that my leave of absence prevented me from submitting my comments in a timely fashion.

The document looks good to me, Jon ... thank you for your efforts.

I hope this helps.

. . . . . . . . . . Ken

--
Contact us for world-wide XML consulting & instructor-led training
Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/o/
G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
Legal business disclaimers:  http://www.CraneSoftwrights.com/legal


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


