W3C home > Mailing lists > Public > www-xkms@w3.org > June 2002

Validation of signatures?

From: <stef.hoeben@utimaco.be>
Date: Wed, 5 Jun 2002 08:45:03 +0200
To: pbaker@verisign.com
Cc: www-xkms@w3.org
Message-ID: <OFE3BADCA7.7C7C14D6-ONC1256BCF.0024A506@utimaco.be>


is it possible (or does it make sense) to validate an (XML) signature
with an XKMS validate request?

The docs talk about validation of certs, keys, key names, ... but not
of an entire signature.

The reason is that validation of a signature may be much harder then
verifying the signature with a cert and then using an XKMS validate
request to validate the cert.

For example, ETSI's Advanced Electronic Signatures that remain
valid over long periods uses o.a. timestamps as an extension.
This allows you to check if a such a signature was valid some time in
the past, but it requires time stamp checking and checking if a cert is
valid some time ago.

Kind regards, sorry if this is off-topic,

ETSI's Advanced Electronic Signatures:
- XML Advanced Electronic Signatures (XAdES),
 http://portal.etsi.org/sec/el-sign.asp#TS 101 903
- the PKCS7-based counterpart: TS 101 703,
 http://portal.etsi.org/sec/el-sign.asp#TS 101 733
Received on Wednesday, 5 June 2002 02:50:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:39 UTC