Re: Validation of signatures?

XKMS is for key-centric operations and is not intended to support either
core or extended processing of XML Signatures (beyond retrieving and/or
validating the public key in question).

XML Signature Toolkits support the core validation processing defined in the
XML Signature specification.  It should certainly be feasible for
applications to supplement these Toolkits with features like time-stamp
checking and so on.  As well, XKMS could be used as the basis for such
things as "checking if a cert is valid some time ago" though I can't say if
that type of functionality would necessarily be provided by an XKMS service
provider.

Regards, Ed

----- Original Message -----
From: <stef.hoeben@utimaco.be>
To: <pbaker@verisign.com>
Cc: <www-xkms@w3.org>
Sent: Wednesday, June 05, 2002 2:45 AM
Subject: Validation of signatures?


>
> Hello,
>
> is it possible (or does it make sense) to validate an (XML) signature
> with an XKMS validate request?
>
> The docs talk about validation of certs, keys, key names, ... but not
> of an entire signature.
>
> The reason is that validation of a signature may be much harder than
> verifying the signature with a cert and then using an XKMS validate
> request to validate the cert.
>
> For example, ETSI's Advanced Electronic Signatures that remain
> valid over long periods use, among other things, timestamps as an extension.
> This allows you to check if such a signature was valid some time in
> the past, but it requires time stamp checking and checking if a cert is
> valid some time ago.
>
> Kind regards, sorry if this is off-topic,
> Stef
>
> ETSI's Advanced Electronic Signatures:
> - XML Advanced Electronic Signatures (XAdES),
>  http://portal.etsi.org/sec/el-sign.asp#TS 101 903
> - the PKCS7-based counterpart: TS 101 703,
>  http://portal.etsi.org/sec/el-sign.asp#TS 101 733
>
>

Received on Wednesday, 5 June 2002 09:28:52 UTC