- From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
- Date: Tue, 17 Jun 2008 14:51:30 +0200
- To: XMLSec <public-xmlsec-maintwg@w3.org>
Dear all,

As per action 167, below follows the text for 2.4.3 Use Timestamps tokens issued by Timestamp authorities for long lived signatures <http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#timestamps>

"ETSI has produced TS 101 903: "XML Advanced Electronic Signatures (XAdES)", which, among other things, deals with the issue of long-term electronic signatures. It has defined a standard way of incorporating time-stamps into XML signatures. In addition to the signature time-stamp, which should be generated soon after the generation of the signature, other time-stamps may be added to the signature structure, protecting the validation material used by the verifier. Recurrent time-stamping (with stronger algorithms and keys) on all these items, i.e., the signature, the validation material and previous time-stamps, counters the revocation of validation data and weaknesses of cryptographic algorithms and keys. RFC 3161 and OASIS DSS time-stamps may be incorporated in XAdES signatures.

OASIS DSS core specifies an XML format for time-stamps based on XML Sig. In addition, DSS core and profiles allow the generation and verification of signatures, time-stamps, and time-stamped signatures by a centralized server.

The XAdES and DSS Timestamps should not be confused with WSS Timestamps. Although they are both called Timestamps, the WSS <Timestamp> is just an xsd:dateTime value added by the signer, representing the claimed time of signing. XAdES and DSS Timestamps are full-fledged signatures generated by a Time-stamp Authority (TSA), binding together the digest of what is being time-stamped and a dateTime value. TSAs are trusted third parties which operate under certain rules on procedures, software and hardware, including time accuracy assurance mechanisms.

As such, time-stamps generated by well-operating TSAs are trusted time indications which prove that what was time-stamped actually existed at the time indicated, whereas any time indication inserted by the signatory is no more than a claim made by the generator of the signature."
Received on Tuesday, 17 June 2008 12:52:08 UTC