From: Phil Griffin <phil.griffin@asn-1.com>
Date: Wed, 17 Jul 2002 08:44:59 -0400
Message-ID: <3D3566CB.7010209@asn-1.com>
To: "Apvrille, Axelle" <ApvriA@europe.stortek.com>
CC: w3c-ietf-xmldsig@w3.org

Actually, falling into ASN.1 can give you an XML solution.

The OASIS XCBF work uses an ASN.1 schema for its XML markup
(see http://oasis-open.org/committees/xcbf/). This schema is
defined in the ANS X9.84 Biometric Information Management
and Security standard. The X9.84 ASN.1 schema is based on
CMS (X9.73, IETF SMIME, RSA PKCS #7, etc.).

XCBF uses the canonical variant of the ASN.1 XML Encoding
Rules (XER) to form the input to the message digest process
for simple SIGNATURE, SignedData and AuthenticatedData types.
The digest and signature processing are essentially the same
as used today with the binary Distinguished Encoding Rules
(DER), and the XCBF processing descriptions closely follow
those defined in the IETF SMIME standard.

A complete ASN.1/XML solution for CMS is being defined in
the X9F3 working group which meets later this month. X9.96
XML Cryptographic Message Syntax (XCMS) will again use a
single ASN.1 schema for CMS to provide both compact binary
encodings using BER/DER, and an XML markup solution using
XER. Again, both the cryptographic processing and the
message representation will rely on XML markup.

Finally, for time stamps, the X9F4 working group continues
to work on its X9.95 Trusted Time Stamp standard. Again,
an ASN.1 schema from the ISO-IEC 18014 Time Stamp standard
(heavily influenced and aligned with the IETF work) will be
used. Since these time stamp messages are also based on CMS,
canonical DER and XER encoding inputs to a single, simple
signature process can easily be defined.

The message digest and signature processing for these three
efforts are essentially the same. The common thread in X9.84
(XCBF), X9.95 and X9.96 is to use a single schema to define
both compact binary encodings and XML markup encodings for
commonly used cryptographic messages. This means that products
can transfer DER to DER-only receivers, XML markup to XML-only
receivers, or transfer DER to a receiver that then hands off
XML to a local application for further processing.

It's no longer the either-or situation for ASN.1 and XML that
it was a couple of years ago. Every value of every ASN.1 type
now has a standard, canonical XML markup representation.

Phil Griffin

Apvrille, Axelle wrote:

>  > > 2-Where is the time-stamp "horodatage" ,it exist?
>  >
>  > I've got the same question - how to include, in a standard way, a time
>  > stamp in the CMS format? As a SignatureProperty, or what?
>  >
> Actually, timestamping is outside the scope of XML Signatures.
> It suggests timestamps will be set in the signature properties in an 
> example, but that's "all".
> As others have already answered, you should have a look at ETSI's XML 
> Advanced Electronic Signatures. XAdES defines XML signatures for 
> documents that are meant to be kept over years. Their special format 
> XAdES-T talks about time stamping. In that format, signer is requested 
> to mention time stamping date (SigningTime) and may add an external time 
> stamp (retrieved from a proper time stamping authority). The problem if 
> you do so is that, currently, the time stamp is an ASN.1 dump (Base64 
> encoded) of structures defined in RFC 3161. So you fall again into ASN.1...
>  > Or maybe there is some XML time-stamp specification?
> Consequently, we're working on one currently. It should be an "all" XML 
> timestamping protocol, using XML Signatures to secure the time stamp token.
> A paper's to appear at ISSE'02 (www.isse.org) conference in October.
> Regards,
> ---------------------
> Axelle APVRILLE - mailto: Axelle_Apvrille@storagetek.com
> Storage Technology European Operations
> Toulouse Research and Development Center
Received on Wednesday, 17 July 2002 08:47:47 UTC
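
The message above describes one schema giving both a DER and an XML encoding, with the digest taken over a canonical encoding. The sketch below is an added example, not part of the original thread or of XCBF: the `Stamp` type, its field names and the SHA-256 choice are assumptions, and the XML form is a simplified stand-in for canonical XER (no prolog, no optional whitespace), not an X.693 implementation.

```python
import hashlib
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape
# Hypothetical schema: Stamp ::= SEQUENCE { serial INTEGER, policy UTF8String }

def _tlv(tag, body):
    assert len(body) < 128  # short-form length only; enough for the sample
    return bytes([tag, len(body)]) + body

def der_encode(serial, policy):
    """DER bytes for Stamp (non-negative serial only)."""
    num = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # minimal INTEGER
    return _tlv(0x30, _tlv(0x02, num) + _tlv(0x0C, policy.encode("utf-8")))

def der_decode(der):
    """Parse the fixed Stamp layout back into (serial, policy)."""
    assert der[0] == 0x30 and der[1] == len(der) - 2 and der[2] == 0x02
    n = der[3]
    rest = der[4 + n:]
    assert rest[0] == 0x0C and rest[1] == len(rest) - 2
    return int.from_bytes(der[4:4 + n], "big"), rest[2:].decode("utf-8")

def xml_canonical(serial, policy):
    """One fixed markup form per value: no prolog, no optional whitespace."""
    return (f"<Stamp><serial>{serial}</serial>"
            f"<policy>{escape(policy)}</policy></Stamp>").encode("utf-8")

def xml_decode(markup):
    """Read any well-formed layout of the same markup."""
    root = ET.fromstring(markup)
    return int(root.findtext("serial")), root.findtext("policy") or ""

def digest(data):
    return hashlib.sha256(data).hexdigest()  # hash choice is an assumption

def handoff(der):
    """DER receiver producing XML markup for a local application."""
    return xml_canonical(*der_decode(der))

# Constructed sample: same value as (4660, "demo"), pretty-printed by a sender.
PRETTY = b"""<?xml version="1.0"?>
<Stamp>
  <serial>4660</serial>
  <policy>demo</policy>
</Stamp>"""

if __name__ == "__main__":
    for label, data in (("raw", PRETTY), ("canonical", xml_canonical(*xml_decode(PRETTY)))):
        print(label, digest(data))
```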