- From: Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es>
- Date: Mon, 26 Jan 2004 13:12:01 +0100
- To: "A. Jerman Blazic" <aljosa@e5.ijs.si>, <w3c-ietf-xmldsig@w3.org>
Dear Jerman, You are right when you say that the current ASN.1 TImeStamp standard does not recognize an XML structure. But XAdES specifies mechanisms, not only for including time-stamps (encapsulated within XML structures), but also for IDENTIFYING WHICH parts of the signature and of the signed documents where included within the computation of the hash to be sent to the TSA. This should allow, when dealing with one of the different time-stamps that appear within XAdES, identify what each one is actually time-stamping. It is a matter of the supporting structure, not of the generated time-stamp token itself. As I said in a former message, this mechanisms were largely discussed in the XAdES plugtest event organized by ETSI, and you have the URL where you cand find the final report where this issue is commented, and the proposal for review is made available. Concerning to the parts of the documents that were time-stamped, the mechanisms rely on the referencing mechanisms defined within the SignedInfo element. Concerning the different parts of the signature, XAdES specifies what parts of the signature should be included in such a computattion for each different time-stamp element defined within XAdES. Just for your knowledge, currently the Digital Signature Services Technical Committee is working on a design of a XML based protocol for requesting time-stamps issuance to one server. Such document will also contain a time-stamp token specification in XML. See details at: www.oasis-open.org Regards Juan Carlos. At 12:32 26/01/2004 +0100, A. Jerman Blazic wrote: > >Dear All > >I don't know whether this was discussed before, but it does impose some >obstacles in our implementation attempts. We are evaluating the use of >XAdES as a tool for record archiving system, since XAdES already >includes some fields for time stamping inclusion. However, the problem >with time stamping is that is it does not fit into XML structure (so >far). So XAdES should perfectly perform when using "detach" signature >type (e.g. file separated from a signature, which can be timestamped >without problem). But what happens when one uses other signature types? >How is a time stamping procedure performed when signature is part of a >(signed) file? Current TimeStamp standard does not recognize an XML >structure and therefore if time stamped, the part of the message must be >taken out, time stamped and put back and then timestamp itself included >in an XAdES structure. It could be performed, but under what >circumstances? Transformations seems to be the first and the main >problem not to mention that the whole procedure without clear process >definition seems pretty awkward, so any suggestions are welcome. > >Best regards > >Aleksej > >------------------- >SETCCE >Jamova 39 >1000 Ljubljana >tel: +386 1 4773739 >fax: +386 1 4773861 >www.setcce.org >------------------- >
Received on Monday, 26 January 2004 07:12:33 UTC