- From: Chris Solc <csolc@adobe.com>
- Date: Mon, 1 Sep 2008 20:03:12 -0700
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
- Message-ID: <686848D3189C0845A6E5FA781D6A0FFF02DD17ED5D@nambx03.corp.adobe.com>
Here is a initial list of assumptions and requirements for long-term archival signatures, please review and comment. Assumptions: 1. Digital signatures are time bound for the following reasons: - hashing of bite Streams and encryption of hash codes are technologies may become obsolete as computing power increases. - vulnerabilities in specific algorithms may be found over time. - certificates have typically expiration date. - certificates can be revoked - certificate authorities may delete old information. 2. Documents may be migrated from one digital format to another to avoid technological obsolescence. - If the hardware and software environment can't be archived along with the digital signature digital documents may be migrated to a suitable archival format. Requirements: 1. The ability to add supplemental validation info to the signature post signing - Depending on the strategy, some long term signatures require the validation history and other meta data to be stored along with the signature. 2. Support for counter/multiple signatures - If a document is migrated to an archival format, often the bits that were covered by the original signature are changed thus resulting in a different hash values. As a result a counter signature that covers the migrated bits is required. - Depending on the archival strategy it may also be a requirement to counter sign any supplemental information added to the document after the original signature is applied. 3. Validation chain remain available for the life time of the document. - For a PKI to validate a signature the complete validation chain must be available, this includes the root certificate _______________________________________ Chris Solc Computer Scientist Adobe Systems Canada Inc. Phone: +1 613.940.3693 E-mail: csolc@adobe.com<mailto:csolc@adobe.com>
Received on Tuesday, 2 September 2008 03:13:13 UTC