W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2008

ACTION-40: Solicit and contribute long-time archival requirements

From: Chris Solc <csolc@adobe.com>
Date: Mon, 1 Sep 2008 20:03:12 -0700
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <686848D3189C0845A6E5FA781D6A0FFF02DD17ED5D@nambx03.corp.adobe.com>
Here is a initial list of assumptions and requirements for long-term archival signatures, please review and comment.

Assumptions:
1. Digital signatures are time bound for the following reasons:
- hashing of bite Streams and encryption of hash codes are technologies may become obsolete as computing power increases.
                - vulnerabilities in specific algorithms may be found over time.
                - certificates have typically expiration date.
                - certificates can be revoked
                - certificate authorities may delete old information.

2. Documents may be migrated from one digital format to another to avoid technological obsolescence.
- If the hardware and software environment can't be archived along with the digital signature digital documents may be migrated to a suitable archival format.

Requirements:
1. The ability to add supplemental validation info to the signature post signing
                - Depending on the strategy, some long term signatures require the validation history and other meta data to be stored along with the signature.

2. Support for counter/multiple signatures
                - If a document is migrated to an archival format, often the bits that were covered by the original signature are changed thus resulting in a different hash values.  As a result a counter signature that covers the migrated bits is required.
                - Depending on the archival strategy it may also be a requirement to counter sign any supplemental information added to the document after the original signature is applied.

3. Validation chain remain available for the life time of the document.
                - For a PKI to validate a signature the complete validation chain must be available,  this includes the root certificate

_______________________________________
Chris Solc
Computer Scientist
Adobe Systems Canada Inc.
Phone: +1 613.940.3693
E-mail: csolc@adobe.com<mailto:csolc@adobe.com>
Received on Tuesday, 2 September 2008 03:13:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT