XAdES Support and the Revised OPC [formerly "DR 11-0030: Proposal"]

Francis Cave francis at franciscave.com
Thu Jun 2 12:05:31 CEST 2016 

Murata-san

 

It is obviously preferable if we only have to reference the latest version of XML DSig. From a cursory glance at the specifications, the following paragraph appears to summarise the changes in XML DSig 1.1 that affect conformance:

 

“Conformance-affecting changes of XML Signature 1.1 against [the] previous recommendation mainly affect the set of mandatory to implement cryptographic algorithms, including Elliptic Curve DSA (and mark-up for corresponding key material), and additional hash algorithms. A detailed explanation of changes since the last Recommendation are available [XMLDSIG-CORE1-CHGS <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#bib-XMLDSIG-CORE1-CHGS> ]. Changes are also described in a diff document showing changes since the Second Edition <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/Overview_diff_rec.html> , as well as a diff document showing changes since the previous PR draft <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/Overview_diff.html> .”

 

Since this is not my area of expertise, I’m not sure whether we have already adequately reviewed the changes in XML DSig 1.1. Does this need more discussion in Prague? I guess that we need the Ecma team to confirm that they agree that referencing XML DSig 1.1 and not the previous edition won’t break existing implementations.

 

Kind regards,

 

Francis

 

 

 

From: eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] On Behalf Of MURATA Makoto
Sent: 02 June 2016 08:31
To: Francis Cave <francis at franciscave.com>
Cc: SC34 <e-SC34-WG4 at ecma-international.org>
Subject: Re: XAdES Support and the Revised OPC [formerly "DR 11-0030: Proposal"]

 

Francis,

 

XML DSig 1.1 discourages or deprecates some features of DSig 1.0.  

However, in my understanding, any digital signature conformant to 

DSig 1.0 is also conformant to DSig 1.1.  I said so to Tracie in Barcelona.

 

I thus think that a normative ref to DSig 1.1 is good enough for 

"allow for both DigSig 1.0 and 1.1 in the text".  If we normatively 

reference DSig 1.0, we will recommend SHA-1.  I think that 

we shouldn't.

 

Regards,

Makoto

 

2016-05-05 20:45 GMT+09:00 Francis Cave <francis at franciscave.com <mailto:francis at franciscave.com> >:

My recollection accords with the meeting minutes. As I understand it, there is a consensus that we normatively need to allow for both versions of DSig, so that existing implementations (such as MSOFFCRYPTO) are still conformant, but we can also recommend use of the XAdES EN in an informative annex. I presume that what Murata-san means is that we are committed to introduce text into the OPC revisions that is in line with that consensus.

 

Francis

 

 

 

From: Rex Jaeschke [mailto: <mailto:rex at RexJaeschke.com> rex at RexJaeschke.com] 
Sent: 04 May 2016 20:03
To: 'SC34' < <mailto:e-SC34-WG4 at ecma-international.org> e-SC34-WG4 at ecma-international.org>
Subject: XAdES Support and the Revised OPC [formerly "DR 11-0030: Proposal"]

 

Hi there Murata-san, 

 

Below, you wrote, “We are committed to the introduction of XAdES EN into the OPC revision.”

 

I’m asking for clarification of this statement, so it is not misunderstood. At a glance, it seems to be making a broader claim that I thought WG4 had agreed to.

 

>From the Barcelona meeting minutes: “On Tuesday, in WG4 discussions: There was consensus that we should produce an informative annex describing a profile for XAdES appropriate for use with OPC, and allow for both DigSig 1.0 and 1.1 in the text.”

 

When this was agreed to, it was my understanding that there would *not* be any mandatory normative text re XAdES in the new OPC spec. Instead, the informative profile would give directions as to how an implementation could support XAdES, if it chose to do so. Specifically, a conforming implementation of the next edition of 29500-2 need *not* provide any support for XAdES at all. 

 

Rex

 

 

 

From:  <mailto:eb2mmrt at gmail.com> eb2mmrt at gmail.com [ <mailto:eb2mmrt at gmail.com> mailto:eb2mmrt at gmail.com] On Behalf Of MURATA Makoto
Sent: Saturday, April 30, 2016 10:41 AM
To: SC34 < <mailto:e-SC34-WG4 at ecma-international.org> e-SC34-WG4 at ecma-international.org>
Subject: DR 11-0030: Proposal

 

DR 11-0030 - OPC:  Obsolete version of W3C XML Digital Signature 1.0

 <https://skydrive.live.com/view.aspx/Public%20Documents/2011/DR-11-0030.docx?cid=c8ba0861dc5e4adc&sc=documents> https://skydrive.live.com/view.aspx/Public%20Documents/2011/DR-11-0030.docx?cid=c8ba0861dc5e4adc&sc=documents

 

This DR requests a change in the normative reference of Part 2 §3 from XMLDSig 1.0 ( <http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/> http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/) to XMLDSig 1.1 ( <http://www.w3.org/TR/xmldsig-core1/> http://www.w3.org/TR/xmldsig-core1/).

 

We are committed to the introduction of XAdES EN into 

the OPC revision.  XAdES EN uses XML DSig 1.1 

rather than 1.0.  I thus believe that we cannot stick 

to DSig 1.0.

 

Regards,
Makoto





 

-- 


Praying for the victims of the Japan Tohoku earthquake

Makoto

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20160602/28ae502d/attachment.html>

More information about the sc34wg4 mailing list