- From: Phil Griffin <phil.griffin@asn-1.com>
- Date: Wed, 17 Jul 2002 08:44:59 -0400
- To: "Apvrille, Axelle" <ApvriA@europe.stortek.com>
- CC: w3c-ietf-xmldsig@w3.org

Actually, falling into ASN.1 can give you an XML solution.

The OASIS XCBF work uses an ASN.1 schema for its XML markup (see http://oasis-open.org/committees/xcbf/). This schema is defined in the ANS X9.84 Biometric Information Management and Security standard. The X9.84 ASN.1 schema is based on CMS (X9.73, IETF SMIME, RSA PKCS #7, etc.).

XCBF uses the canonical variant of the ASN.1 XML Encoding Rules (XER) to form the input to the message digest process for simple SIGNATURE, SignedData and AuthenticatedData types. The digest and signature processing are essentially the same as used today with the binary Distinguished Encoding Rules (DER), and the XCBF processing descriptions closely follow those defined in the IETF SMIME standard.

A complete ASN.1/XML solution for CMS is being defined in the X9F3 working group which meets later this month. X9.96 XML Cryptographic Message Syntax (XCMS) will again use a single ASN.1 schema for CMS to provide both compact binary encodings using BER/DER, and an XML markup solution using XER. Again, both the cryptographic processing and the message representation will rely on XML markup.

Finally, for time stamps, the X9F4 working group continues to work on its X9.95 Trusted Time Stamp standard. Again, an ASN.1 schema from the ISO-IEC 18014 Time Stamp standard (heavily influenced and aligned with the IETF work) will be used. Since these time stamp messages are also based on CMS, canonical DER and XER encoding inputs to a single, simple signature process can easily be defined. The message digest and signature processing for these three efforts are essentially the same.

The common thread in X9.84 (XCBF), X9.95 and X9.96 is to use a single schema to define both compact binary encodings and XML markup encodings for commonly used cryptographic messages. This means that a product can transfer DER to DER-only receivers, XML markup to XML-only receivers, or transfer DER to a receiver that then hands off XML to a local application for further processing.

It's no longer the either-or situation for ASN.1 and XML that it was a couple of years ago. Every value of every ASN.1 type now has a standard, canonical XML markup representation.

Phil Griffin

Apvrille, Axelle wrote:

> > > 2-Where is the time-stamp "horodatage" ,it exist?
> >
> > I've got the same question - how to include, in a standard
> > way, a time
> > stamp in the CMS format? As a SignatureProperty, or what?
> >
>
> Actually, timestamping is outside the scope of XML Signatures.
> It suggests timestamps will be set in the signature properties in an
> example, but that's "all".
> As others have already answered, you should have a look at ETSI's XML
> Advanced Electronic Signatures. XAdES defines XML signatures for
> documents that are meant to be kept over years. Their special format
> XAdES-T talks about time stamping. In that format, signer is requested
> to mention time stamping date (SigningTime) and may add an external time
> stamp (retrieved from a proper time stamping authority). The problem if
> you do so is that, currently, the time stamp is an ASN.1 dump (Base64
> encoded) of structures defined in RFC 3161. So you fall again into ASN.1...
>
> >Or
> > maybe there
> > is some XML time-stamp specification?
>
> Consequently, we're working on one currently. It should be an "all" XML
> timestamping protocol, using XML Signatures to secure the time stamp token.
>
> A paper's to appear at ISSE'02 (www.isse.org) conference in October.
>
> Regards,
> ---------------------
> Axelle APVRILLE - mailto: Axelle_Apvrille@storagetek.com
> Storage Technology European Operations
> Toulouse Research and Development Center
>

Received on Wednesday, 17 July 2002 08:47:47 UTC
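
The point made in the message above about one schema with two canonical encodings feeding the digest, as an added example that is not part of the original post or of any X9/OASIS specification. The `Stamp` type, the field names, the simplified canonical-XER-style rules (no whitespace, decimal integers, uppercase hex) and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib

# Hypothetical type (an assumption, not taken from X9.84/X9.95/X9.96):
#   Stamp ::= SEQUENCE { version INTEGER, serial INTEGER, hash OCTET STRING }

def _tlv(tag, content):
    """DER tag-length-value with definite, minimal length octets."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def _int(value):
    """DER INTEGER, minimal two's complement (non-negative values only here)."""
    if value < 0:
        raise ValueError("negative integers not handled in this sketch")
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def der_encode(s):
    body = _int(s["version"]) + _int(s["serial"]) + _tlv(0x04, s["hash"])
    return _tlv(0x30, body)

def cxer_encode(s):
    """Simplified canonical-XER-style form: no whitespace, uppercase hex."""
    return (f"<Stamp><version>{s['version']}</version>"
            f"<serial>{s['serial']}</serial>"
            f"<hash>{s['hash'].hex().upper()}</hash></Stamp>").encode("utf-8")

def pretty_xer(s):
    """Same value, non-canonical markup (indentation, lowercase hex)."""
    return (f"<Stamp>\n  <version>{s['version']}</version>\n"
            f"  <serial>{s['serial']}</serial>\n"
            f"  <hash>{s['hash'].hex()}</hash>\n</Stamp>\n").encode("utf-8")

def digest(encoded):
    return hashlib.sha256(encoded).hexdigest()

# Constructed sample value.
SAMPLE = {"version": 1, "serial": 300, "hash": bytes.fromhex("deadbeef")}

if __name__ == "__main__":
    for name, enc in (("DER", der_encode), ("canonical XER", cxer_encode),
                      ("pretty XER", pretty_xer)):
        print(f"{name:14} {digest(enc(SAMPLE))}")
```

The three digests differ, so a verifier has to re-encode the abstract value in the same canonical form the signer digested before comparing; markup that merely carries the same value does not verify.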