<div dir="ltr"><div>Dear colleagues,</div><div><br></div><div>We have already agreed not to introduce </div><div>SignatureInfoV1. The rest of XAdES elements </div><div>in OFF-CRYPTO is described in the following </div><div>subsection. We probably have to tweak this </div><div>subsection since we would like to allow all </div><div>conformance levels of XAdES.</div><div><br></div><div>Regards,</div><div>Makoto</div><br><br>2.5.2.6 XAdES Elements<br><br>XML Advanced Electronic Signatures [XAdES]<br>extensions to xmldsig signatures MAY<32> be present<br>in either binary or ECMA-376 documents [ECMA-376]<br>when using xmldsig signatures. XAdES-EPES through<br>XAdES-X-L extensions are specified within a<br>signature. Unless otherwise specified, any optional<br>elements as specified in [XAdES] are ignored. The<br>Object element containing the information as<br>specified in [XAdES] has a number of optional<br>elements, and many of the elements have more than<br>one method specified. A document compliant with this<br>file format uses the following options:<br><br>- The SignedSignatureProperties element MUST contain<br> a SigningCertificate property as specified in<br> [XAdES] section 7.2.2.<br><br>- A SigningTime element MUST be present as specified<br> in [XAdES] section 7.2.1.<br><br>- A SignaturePolicyIdentifier element MUST be<br> present as specified in [XAdES] section 7.2.3.<br><br>- If the information as specified in [XAdES]<br> contains a time stamp as specified by the<br> requirements for XAdES-T, the time stamp<br> information MUST be specified as an<br> EncapsulatedTimeStamp element containing DER<br> encoded ASN.1. data.<br><br>- If the information as specified in [XAdES]<br> contains references to validation data, the<br> certificates used in the certificate chain, except<br> for the signing certificate (1), MUST be contained<br> within the CompleteCertificateRefs element as<br> specified in [XAdES] section 7.4.1. 
In addition,<br> for the signature to be considered a well-formed<br> XAdES-C signature, a CompleteRevocationRefs<br> element MUST be present, as specified in [XAdES]<br> section 7.4.2.<br><br>- If the information as specified in [XAdES]<br> contains time stamps on references to validation<br> data, the SigAndRefsTimestamp element as specified<br> in [XAdES] section 7.5.1 and [XAdES] section<br> 7.5.1.1 MUST be used. The SigAndRefsTimestamp<br> element MUST specify the time stamp information as<br> an EncapsulatedTimeStamp element containing DER<br> encoded ASN.1. data.<br><br>- If the information as specified in [XAdES]<br> contains properties for data validation values,<br> the CertificateValues and RevocationValues<br> elements MUST be constructed as specified in<br> [XAdES] section 7.6.1 and [XAdES] section<br> 7.6.2. Except for the signing certificate (1), all<br> certificates used in the validation chain MUST be<br> entered into the CertificateValues element.<br><br>There MUST be a Reference element specifying the<br>digest of the SignedProperties element, as specified<br>in [XAdES], section 6.2.1. A Reference element is<br>placed in one of two parent elements, as specified<br>in [XMLDSig]:<br><br>- The SignedInfo element of the top-level Signature<br> XML.<br><br>- A Manifest element contained within an Object<br> element.<br><br>A document compliant with this file format<br>SHOULD<33> place the Reference element specifying<br>the digest of the SignedProperties element within<br>the SignedInfo element. If the Reference element is<br>instead placed in a Manifest element, the containing<br>Object element MUST have an id attribute set to<br>"idXAdESReferenceObject".<br>
</div>
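Added example, not part of the original message or of OFF-CRYPTO: a structural check for the rules quoted above, covering the three mandatory SignedSignatureProperties children and the placement of the Reference to SignedProperties. It assumes the XAdES 1.3.2 namespace, a same-document Reference URI, and the xmldsig attribute spelling "Id"; check_xades and sample are hypothetical names, and nothing here verifies digests or signature values.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "x": "http://uri.etsi.org/01903/v1.3.2#"}  # assumption: XAdES 1.3.2 namespace
REQUIRED = ("SigningCertificate", "SigningTime", "SignaturePolicyIdentifier")
MANIFEST_OBJECT_ID = "idXAdESReferenceObject"

def check_xades(signature_xml):
    """Return violations of the quoted rules; an empty list means none found."""
    sig = ET.fromstring(signature_xml)
    props = sig.find(".//x:SignedProperties", NS)
    if props is None:
        return ["no SignedProperties element"]
    problems = ["missing " + name for name in REQUIRED
                if props.find("x:SignedSignatureProperties/x:" + name, NS) is None]
    target = "#" + props.get("Id", "")  # assumption: same-document reference by Id

    def points_at_props(refs):
        return any(r.get("URI") == target for r in refs)

    in_signed_info = points_at_props(sig.findall("ds:SignedInfo/ds:Reference", NS))
    holders = [o for o in sig.findall("ds:Object", NS)
               if points_at_props(o.findall("ds:Manifest/ds:Reference", NS))]
    if not in_signed_info and not holders:
        problems.append("no Reference to SignedProperties")
    for obj in holders:  # a Manifest placement requires the fixed Object id
        if obj.get("Id") != MANIFEST_OBJECT_ID:
            problems.append("Manifest Object Id is %r" % obj.get("Id"))
    return problems

# Constructed sample input: skeleton signatures without digests or key material.
def sample(properties, in_signed_info, object_id):
    ref = '<ds:Reference URI="#sp"/>'
    props = "".join("<x:%s/>" % p for p in properties)
    return ('<ds:Signature xmlns:ds="%s" xmlns:x="%s">'
            '<ds:SignedInfo>%s</ds:SignedInfo>'
            '<ds:Object Id="%s"><ds:Manifest>%s</ds:Manifest></ds:Object>'
            '<ds:Object><x:QualifyingProperties><x:SignedProperties Id="sp">'
            '<x:SignedSignatureProperties>%s</x:SignedSignatureProperties>'
            '</x:SignedProperties></x:QualifyingProperties></ds:Object>'
            '</ds:Signature>') % (NS["ds"], NS["x"], ref if in_signed_info else "",
                                  object_id, "" if in_signed_info else ref, props)

GOOD = sample(REQUIRED, True, "obj1")       # Reference inside SignedInfo
BAD = sample(REQUIRED[:2], False, "obj1")   # no policy id, Manifest in wrong Object

if __name__ == "__main__":
    print(check_xades(GOOD))
    print(check_xades(BAD))
```

For signatures taken from untrusted documents, parse with a hardened parser such as defusedxml rather than xml.etree.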