W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2008

Additional comments to properties draft

From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
Date: Fri, 12 Dec 2008 17:48:33 +0100
Message-ID: <494295E1.4040406@ac.upc.edu>
To: XMLSec WG Public List <public-xmlsec@w3.org>

Dear Frederick, concerning the current status of the draft, I am affraid
that I have some comments:

1. Concerning Usage property, the text says: "The developer also needs
to associate a usage URI with the signature to indicate processing rules
and other information needed to process the signature properly (in
addition to required XML Signature processing rules)."...well, this is
roughly speaking what in other areas is understood as Signature Policy,
and XAdES already has defined a structure for this....would not be
possible to make a reference to XAdES property instead defining a new
type for the same purpose?


2. Concerning the timestamp element....my view is that this element does
   not add any security to the signature, I mean, it seems to be a pair
of two values generated by the signer (as there is nothing else
indicating that it has been created by a trusted TSA, like a RFC3161 or
DSS time-stamp token)...so I think that the term timestamp is a bit
misleading....to me, from what you write, its semantics seems a kind of
claimed validity period of the signature (claimed by the signer herself,
and in consequence without any further endorsement by a Trusted
TSA)....and if so, I would propose precisely a change of name:
ClaimedTimeSpan or something similar....If I am correct with the
semantic, there is not anything like this in XAdES and would not have
any problem....but it should be made it clear that this is not a
declaration endorsed by any trusted third party....

So, very briefly:

1. I would propose to use the concept of signature policy and make
reference to xades:SignaturePolicyIdentifier (as it has additional
elements that may help the verifiers in their processing and also cover
the same concept)

2. I would propose to change the name of the second element to
ClaimedTimeSpan, and make it clear that is a time indication provided by
the signer.

I hope this helps.

Regards

Juan Carlos.
Received on Friday, 12 December 2008 16:49:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC