<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The scenario that this two-step process addresses is the inherent lag between the time that a signing certificate is compromised and the time that the revocation
of that compromised certificate is published in the CRL. Regardless of how promptly a compromise is detected, reported, and the updated CRL is published there will be some non-zero interval of time during which the certificate might be used to sign documents.
Signatures generated before the certificate was compromised (or, more likely, up to the time that the certificate was last known to be uncompromised, since the exact time of compromise is often unknown) should be recognized as valid, and any signatures generated
after the updated CRL is published can be authoritatively determined to be invalid, but any that are signed in the interim are suspect. The grace period for a given signature system will account for the expected maximum interval between compromise and detection,
between detection and reporting, and between reporting and appearing in a published CRL. By checking the CRL again after the grace period expires the relying party can have a very high confidence that the signature is valid if the signing certificate is still
not in the CRL.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Jim<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></a></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> eb2mmrt@gmail.com [mailto:eb2mmrt@gmail.com]
<b>On Behalf Of </b>MURATA Makoto<br>
<b>Sent:</b> Thursday, May 15, 2014 3:48 AM<br>
<b>To:</b> SC34<br>
<b>Subject:</b> Grace Period for XAdES<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">Dear colleagues,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In the last teleconference, somebody asked why long-term <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">digital signature requires two steps.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I am not at all an expert, but I forwarded the question<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">to my colleagues. I learned that the "grace period" is <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">the reason. After completing the first step, we have to <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">wait for a while and then complete the second step.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The "grace period" is to make sure that revocation <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">information from the CA is appropriate.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Let me quote a few sentences from "Draft EN 319 132-1 <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">V0.0.4 (2013-11)" of XAdES.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="margin-left:30.0pt;margin-right:0in">
<div>
<p class="MsoNormal">When using CRLs to get revocation information, a verifier <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">will have to make sure that he or she gets at the time of the <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">first validation the appropriate certificate revocation information <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">from the signer's CA. Usually this is done as soon as <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">possible, after the grace period, to minimize the time delay <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">between the generation and validation of the signature. <o:p></o:p></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Regards,<br>
Makoto <o:p></o:p></p>
</div>
</div>
</body>
</html>