- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Thu, 27 Sep 2001 20:46:42 +0200
- To: w3c-ietf-xmldsig@w3.org
Hi all,
just one idea that I had during having a look at the ETSI documents about
qualifying signatures[1]. Would it make sense to add a critical attribute
to the ds:Object that indicates that it includes some properties that have
to be understood by the verification application? I think about a mechanism
like the X.509v3 extensions which have a critical flag, which means that
_if_ it's set the application must understand the extension... In [1], the
ETSI defines a way to include additional information about a signature
inside it...
Regards,
Christian
PS: This would include a tweak to the signature verification processing
model and a schema change. The schema change could be easy if we default
this to critical='false'. But the processing model would have to say
something like: "If a ds:Reference references an ds:Object of the signature
with critial='true' and the application does not know how to handle the
statements inside ds:Object, the verification MUST fail...."
[1] Standard ETSI TS 101 203 - XML Advanced Electronic Signatures (XAdES)
http://portal.etsi.org/sec/el-sign.asp
http://portal.etsi.org/sec/STF178Task3Draft.pdf
Received on Thursday, 27 September 2001 14:44:53 UTC