XAdES Support and the Revised OPC [formerly "DR 11-0030: Proposal"]

MURATA Makoto eb2m-mrt at asahi-net.or.jp
Thu Jun 2 12:15:29 CEST 2016


I vaguely remember that Tracie said that Microsoft implements
most of the mandatory algorithms. But Tracie left Microsoft.

BTW, I heard from my Japanese XAdES colleague that few of the
XAdES EN implementations support mandatory algorithms in
DSig 1.1.

Regards,
Makoto

2016-06-02 19:05 GMT+09:00 Francis Cave <francis at franciscave.com>:

> Murata-san
>
>
>
> It is obviously preferable if we only have to reference the latest version
> of XML DSig. From a cursory glance at the specifications, the following
> paragraph appears to summarise the changes in XML DSig 1.1 that affect
> conformance:
>
>
>
> “Conformance-affecting changes of XML Signature 1.1 against [the]
> previous recommendation mainly affect the set of mandatory to implement
> cryptographic algorithms, including Elliptic Curve DSA (and mark-up for
> corresponding key material), and additional hash algorithms. A detailed
> explanation of changes since the last Recommendation are available [
> XMLDSIG-CORE1-CHGS
> <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#bib-XMLDSIG-CORE1-CHGS>].
> Changes are also described in a diff document showing changes since the
> Second Edition
> <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/Overview_diff_rec.html>,
> as well as a diff document showing changes since the previous PR draft
> <https://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/Overview_diff.html>
> .”
>
>
>
> Since this is not my area of expertise, I’m not sure whether we have
> already adequately reviewed the changes in XML DSig 1.1. Does this need
> more discussion in Prague? I guess that we need the Ecma team to confirm
> that they agree that referencing XML DSig 1.1 and not the previous edition
> won’t break existing implementations.
>
>
>
> Kind regards,
>
>
>
> Francis
>
>
>
>
>
>
>
> *From:* eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] *On Behalf Of *MURATA
> Makoto
> *Sent:* 02 June 2016 08:31
> *To:* Francis Cave <francis at franciscave.com>
> *Cc:* SC34 <e-SC34-WG4 at ecma-international.org>
> *Subject:* Re: XAdES Support and the Revised OPC [formerly "DR 11-0030:
> Proposal"]
>
>
>
> Francis,
>
>
>
> XML DSig 1.1 discourages or deprecates some features of DSig 1.0.
> However, in my understanding, any digital signature conformant to
> DSig 1.0 is also conformant to DSig 1.1. I said so to Tracie in Barcelona.
>
> I thus think that a normative ref to DSig 1.1 is good enough for
> "allow for both DigSig 1.0 and 1.1 in the text". If we normatively
> reference DSig 1.0, we will recommend SHA-1. I think that
> we shouldn't.
>
>
>
> Regards,
>
> Makoto
>
>
>
> 2016-05-05 20:45 GMT+09:00 Francis Cave <francis at franciscave.com>:
>
> My recollection accords with the meeting minutes. As I understand it,
> there is a consensus that we normatively need to allow for both versions of
> DSig, so that existing implementations (such as MSOFFCRYPTO) are still
> conformant, but we can also recommend use of the XAdES EN in an informative
> annex. I presume that what Murata-san means is that we are committed to
> introduce text into the OPC revisions that is in line with that consensus.
>
>
>
> Francis
>
>
>
>
>
>
>
> *From:* Rex Jaeschke [mailto:rex at RexJaeschke.com]
> *Sent:* 04 May 2016 20:03
> *To:* 'SC34' <e-SC34-WG4 at ecma-international.org>
> *Subject:* XAdES Support and the Revised OPC [formerly "DR 11-0030:
> Proposal"]
>
>
>
> Hi there Murata-san,
>
>
>
> Below, you wrote, “We are committed to the introduction of XAdES EN
> into the OPC revision.”
>
>
>
> I’m asking for clarification of this statement, so it is not
> misunderstood. At a glance, it seems to be making a broader claim than I
> thought WG4 had agreed to.
>
>
>
> From the Barcelona meeting minutes: “On Tuesday, in WG4 discussions: There
> was consensus that we should produce an informative annex describing a
> profile for XAdES appropriate for use with OPC, and allow for both DigSig
> 1.0 and 1.1 in the text.”
>
>
>
> When this was agreed to, it was my understanding that there would **not**
> be any mandatory normative text re XAdES in the new OPC spec. Instead, the
> informative profile would give directions as to how an implementation could
> support XAdES, if it chose to do so. Specifically, a conforming
> implementation of the next edition of 29500-2 need **not** provide any
> support for XAdES at all.
>
>
>
> Rex
>
>
>
>
>
>
>
> *From:* eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com <eb2mmrt at gmail.com>] *On
> Behalf Of *MURATA Makoto
> *Sent:* Saturday, April 30, 2016 10:41 AM
> *To:* SC34 <e-SC34-WG4 at ecma-international.org>
> *Subject:* DR 11-0030: Proposal
>
>
>
> *DR 11-0030* - OPC:  Obsolete version of W3C XML Digital Signature 1.0
>
>
> https://skydrive.live.com/view.aspx/Public%20Documents/2011/DR-11-0030.docx?cid=c8ba0861dc5e4adc&sc=documents
>
>
>
> This DR requests a change in the normative reference of Part 2 §3 from
> XMLDSig 1.0 (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/) to
> XMLDSig 1.1 (http://www.w3.org/TR/xmldsig-core1/).
>
>
>
> We are committed to the introduction of XAdES EN into
> the OPC revision. XAdES EN uses XML DSig 1.1
> rather than 1.0. I thus believe that we cannot stick
> to DSig 1.0.
>
>
>
> Regards,
> Makoto
>
>
>
>
>
> --
>
>
> Praying for the victims of the Japan Tohoku earthquake
>
> Makoto
>



-- 

Praying for the victims of the Japan Tohoku earthquake

Makoto