- From: Pratik Datta <pratik.datta@oracle.com>
- Date: Mon, 23 Jun 2008 01:27:49 -0700
- To: Juan Carlos Cruellas <cruellas@ac.upc.edu>
- CC: XMLSec <public-xmlsec-maintwg@w3.org>
I have included this in the draft.

Pratik

Juan Carlos Cruellas wrote:
>
> Dear all,
>
> As per action 167, below follows the text for 2.4.3 Use Timestamps
> tokens issued by Timestamp authorities for long lived signatures
> <http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#timestamps>
>
>
> "ETSI has produced TS 101 903: "XML Advanced Electronic Signatures
> (XAdES)", which among other ones, deals with the issue of long-term
> electronic signatures. It has defined a standard way for incorporating
> time-stamps to XML signatures. In addition to the signature
> time-stamp, which should be generated soon after the generation of the
> signature, other time-stamps may be added to the signature structure
> protecting the validation material used by the verifier. Recurrent
> time-stamping (with stronger algorithms and keys) on all these items,
> i.e., the signature, the validation material and previous time-stamps
> counters the revocation of validation data and weaknesses of
> cryptographic algorithms and keys. RFC 3161 and OASIS DSS time-stamps
> may be incorporated in XAdES signatures.
>
> OASIS DSS core specifies an XML format for time-stamps based on XML
> Sig. In addition DSS core and profiles allow the generation and
> verification of signatures, time-stamps, and time-stamped signatures
> by a centralized server.
>
> The XAdES and DSS Timestamps should not be confused with WSS
> Timestamps. Although they are both called Timestamps, the WSS
> <Timestamp> is just an xsd:dateTime value added by the signer
> representing the claimed time of signing. XAdES and DSS Timestamps are
> full-fledged signatures generated by a Time-stamp Authority (TSA)
> binding together the digest of what is being time-stamped and a
> dateTime value. TSAs are trusted third parties which operate under
> certain rules on procedures, software and hardware – including time
> accuracy assurance mechanisms. As such, time-stamps generated by
> well-operating TSAs are trusted time indications which prove that what
> was time-stamped actually existed at the time indicated, whereas any
> time indication inserted by the signatory is no more than a claim
> made by the generator of the signature."
>
>
>
Received on Monday, 23 June 2008 08:29:23 UTC
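
The distinction drawn in the quoted draft text, between a signer-claimed time and a TSA token that binds a digest to a dateTime, can be shown from the verifier's side. This is an added example, not part of the original message or of any W3C, ETSI or OASIS specification. The token layout, the function names and the HMAC seal are assumptions made for illustration: a real TSA signs with an asymmetric key (for example an RFC 3161 token), and the time-stamped data is taken here to be the signature value bytes.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed stand-in for the TSA's signing key. A real TSA signs with a
# private key and verifiers hold only its certificate; HMAC keeps this runnable
# with the standard library.
TSA_KEY = b"constructed-demo-tsa-key"

def tsa_issue(digest_hex, now):
    """TSA side: bind the submitted digest to the TSA's own clock reading."""
    body = json.dumps({"digest": digest_hex, "genTime": now.isoformat()},
                      sort_keys=True)
    seal = hmac.new(TSA_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "seal": seal}

def tsa_verify(token, data):
    """Verifier side: return the attested time, or None if the seal is bad
    or the token does not cover `data`."""
    expected = hmac.new(TSA_KEY, token["body"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["seal"]):
        return None
    body = json.loads(token["body"])
    if not hmac.compare_digest(body["digest"], hashlib.sha256(data).hexdigest()):
        return None
    return datetime.fromisoformat(body["genTime"])

def signing_time_evidence(signature_value, claimed_time, token):
    """Classify what a verifier may rely on for the time of signing."""
    if token is None:
        # Only the signer's own dateTime is available: a claim, not proof.
        return ("claimed-by-signer", claimed_time)
    attested = tsa_verify(token, signature_value)
    if attested is None:
        return ("invalid-token", None)
    # The signature value existed no later than the TSA's genTime.
    return ("attested-by-tsa", attested)
```

A verifier that receives both values should base revocation and algorithm-validity decisions on the attested time and treat the claimed time as informational only.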