<div dir="ltr">John,<br><div class="gmail_extra"><br><div class="gmail_quote">2015-02-07 9:05 GMT+09:00 John Haug <span dir="ltr"><<a href="mailto:johnhaug@exchange.microsoft.com" target="_blank">johnhaug@exchange.microsoft.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">To be clear, MS-OFFCRYPTO is our documentation of how Office writes and reads digital signatures and in some cases includes information redundant to the standard
to be explicit about what is in our files, so it oughtn’t be replicated verbatim in OPC. </span></p></div></div></blockquote><div><br></div><div>Understood. Nevertheless <span style="color:rgb(31,73,125);font-family:Calibri,sans-serif;font-size:14.6666660308838px">MS-OFFCRYPTO </span>provides </div><div>a good basis.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I’ve also heard back on the items in MS-OFFCRYPTO we discussed in the January teleconference. Comments on that and on Murata-san’s e-mail are covered here.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> </span></p></span></div></div></blockquote><div><br></div><div>The Japanese mirror of SC34 got together and discussed your mail.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><span class=""><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal">We are going to allow every level and recommend the use of A. <u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">I agree we should allow every level, but I’m not certain about pushing -A, at least normatively. I believe it’s been mentioned that sufficient infrastructure
to support -A broadly is not really present yet.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> </span></p></span></div></div></blockquote><div> </div><div><div>We believe that sufficient infrastructure for the level A is already </div><div>present (especially in Europe and Japan) and that the current</div><div>infrastructure continues to be improved.</div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><span class=""><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u></span></p>
<p class="MsoNormal">> - A SigningTime element MUST be present as specified in [XAdES] section 7.2.1.<u></u><u></u></p>
<p class="MsoNormal">The second bullet is controversial. Some believe that it is optional, while others believe that it is mandatory. I think that we should simply reference XAdES without saying anything.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">This is worth discussing. Office writes it in OOXML files and requires it on read. ODF recommends it (ODF 1.2 Part 3, subclause 5.3: “</span>A <xades:SigningTime>
element should be present as specified in [XAdES] section 7.2.1.<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">”)</span></p></div></div></blockquote><div><br></div><div><br></div><div> Reasons for mandating SigningTime should be made clear.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><span class=""><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> <u></u></span></p>
<p class="MsoNormal">We only have to state that timestamps (if any) conform to RFC 3161.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Also worth discussing. Is that the same as saying DER encoded ASN.1? RFC 3161 does discuss ASN.1, but there are various methods of encoding data for ASN.1.
Both ODF (“</span>the time stamp information shall be specified as an EncapsulatedTimeStamp element containing DER encoded ASN.1. Data<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">”) and Office explicitly state DER encoded ASN.1.</span></p></div></div></blockquote><div><br></div><div>We then propose to reference RFC 3161 and require DER encoded ASN.1.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:10pt"><u></u> <u></u></span></p>
<p class="MsoNormal">This is merely a non-normative overview of C as specified in XAdES. Delete it.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Agree, no need to include, adds no additional constraints.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal">This is merely a non-normative overview of X as specified in XAdES. Delete it.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Agree, effectively. As I speculated on the call, this requires use of XAdES-X type 1 when using XAdES-X (disallows type 2 – see Annex B.1 in XAdES 1.3.2) due
to our early implementation of XAdES. We don’t see any reason to preclude using XAdES-X type 2 in OPC.</span></p></div></div></blockquote><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal">This is merely a non-normative overview of X-Las specified in XAdES. Delete it.<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Agree, no need to include, adds no additional constraints.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal">The first and second bullets merely give nor-normative descriptions of XAdES and DSig, respectively. Delete them.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Agree, no need to include, adds no additional constraints.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal">> A document compliant with this file format SHOULD<33> place the Reference element specifying the digest of the SignedProperties element within the SignedInfo element.<u></u><u></u></p>
<p class="MsoNormal">Again, this sentence is non-normative. Delete it.<u></u><u></u></p>
<p class="MsoNormal">> If the Reference element is instead placed in a Manifest element, the containing Object element MUST have an id attribute set "idXAdESReferenceObject".to<u></u><u></u></p>
<p class="MsoNormal">This sentence is needed if we would like to explicitly allow the use of "idXAdESReferenceObject". But we have agreed not to do so.<u></u><u></u></p>
</span><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">It does recommend using the SignedInfo option over the Manifest option (SHOULD is a normative term in our implementer notes docs because they follow RFC 2119).
From what our security contacts tell me, this is the more normal way to do things. MS-OFFCRYPTO only lists the two and discusses the Manifest option because of an idiosyncrasy in Office 2007. Office 2010 and 2013 use SignedInfo. ODF requires use of the
SignedInfo option. I believe we should do the same.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> </span></p></div></div></blockquote><div><br></div><div><br></div><div>XAdES does not mandate the use of -C or -X for -A or -X-L. In other</div><div>words, -A without -C and -X is allowed, and -X-L without -C and -X is</div><div>also allowed. Since -C and -X on top of -A or -X-L leads to</div><div>additional running cost, this optionality is very important.</div><div><br></div><div>Unfortunately, MS Office does not allow this optionality. It rather</div><div>mandates the use of -C and -X for -A or -X-L. Since MS Office is</div><div>widely used, other implementors of XAdES will be forced to use -C and</div><div>-X thus causing additional running cost. We hope that MS Office </div><div>be updated and that the next revision of OPC explicitly require </div><div>implementations to accept -A and -X-L without -C or -X. </div><div><br></div><div>Regards,</div><div>Makoto</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">John<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> <a href="mailto:eb2mmrt@gmail.com" target="_blank">eb2mmrt@gmail.com</a> [mailto:<a href="mailto:eb2mmrt@gmail.com" target="_blank">eb2mmrt@gmail.com</a>]
<b>On Behalf Of </b>MURATA Makoto<br>
<b>Sent:</b> Friday, January 23, 2015 8:49 PM<span class=""><br>
<b>To:</b> SC34<br>
<b>Subject:</b> Re: XAdES elements in OFF-CRYPTO of Microsoft<u></u><u></u></span></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">Dear colleagues,<u></u><u></u></p>
</div><div><div class="h5">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Together with XAdES experts, the Japanese SC34 mirror studied MS-<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">OFFCRYPTO. We believe that most of the quoted sentences are <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">not needed in OPC V2.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> 2.5.2.6 XAdES Elements<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> XML Advanced Electronic Signatures [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> extensions to xmldsig signatures MAY<32> be present<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> in either binary or ECMA-376 documents [ECMA-376]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> when using xmldsig signatures. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This sentence explicitly allows the use of XAdES <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">in OPC. Something similar is needed in OPC V2.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">>XAdES-EPES through<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> XAdES-X-L extensions are specified within a<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> signature. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">We are going to allow every level and <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">recommend the use of A. So, this sentence <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">has to be changed.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">>Unless otherwise specified, any optional<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> elements as specified in [XAdES] are ignored. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is harmful. Even if some element is optional, <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">it has to be treated as specified in [XAdES].<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> The<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> Object element containing the information as<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> specified in [XAdES] has a number of optional<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> elements, and many of the elements have more than<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> one method specified.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This sentence is just a non-normative <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">description of what is specified in XAdES.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Delete it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">>A document compliant with this<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> file format uses the following options:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - The SignedSignatureProperties element MUST contain<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> a SigningCertificate property as specified in<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> [XAdES] section 7.2.2.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> - A SigningTime element MUST be present as specified<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> in [XAdES] section 7.2.1.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The second bullet is controversial. Some believe that it is optional,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">while others believe that it is mandatory. I think that we <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">should simply reference XAdES without saying anything.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - A SignaturePolicyIdentifier element MUST be<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> present as specified in [XAdES] section 7.2.3.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">At present, a SignaturePolicyIdentifier element <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">containing no policies are created by MS Office. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Miyachi-san believes that this is a bad practice <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">and OPC V2 should discourage such SignaturePolicyIdentifier <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> - If the information as specified in [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> contains a time stamp as specified by the<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> requirements for XAdES-T, the time stamp<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> information MUST be specified as an<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> EncapsulatedTimeStamp element containing DER<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> encoded ASN.1. data.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">We only have to state that timestamps (if any) <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">conform to RFC 3161.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - If the information as specified in [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> contains references to validation data, the<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> certificates used in the certificate chain, except<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> for the signing certificate (1), MUST be contained<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> within the CompleteCertificateRefs element as<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> specified in [XAdES] section 7.4.1. In addition,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> for the signature to be considered a well-formed<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> XAdES-C signature, a CompleteRevocationRefs<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> element MUST be present, as specified in [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> section 7.4.2.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is merely a non-normative overview of C <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">as specified in XAdES. Delete it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - If the information as specified in [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> contains time stamps on references to validation<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> data, the SigAndRefsTimestamp element as specified<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> in [XAdES] section 7.5.1 and [XAdES] section<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> 7.5.1.1 MUST be used. The SigAndRefsTimestamp<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> element MUST specify the time stamp information as<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> an EncapsulatedTimeStamp element containing DER<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> encoded ASN.1. data.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is merely a non-normative overview of X <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">as specified in XAdES. Delete it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - If the information as specified in [XAdES]<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> contains properties for data validation values,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> the CertificateValues and RevocationValues<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> elements MUST be constructed as specified in<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> [XAdES] section 7.6.1 and [XAdES] section<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> 7.6.2. Except for the signing certificate (1), all<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> certificates used in the validation chain MUST be<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> entered into the CertificateValues element.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is merely a non-normative overview of X-L<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">as specified in XAdES. Delete it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> There MUST be a Reference element specifying the<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> digest of the SignedProperties element, as specified<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> in [XAdES], section 6.2.1. A Reference element is<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> placed in one of two parent elements, as specified<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> in [XMLDSig]:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - The SignedInfo element of the top-level Signature<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> XML.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> - A Manifest element contained within an Object<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> element.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The first and second bullets merely give nor-normative <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">descriptions of XAdES and DSig, respectively. Delete <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">them.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> A document compliant with this file format<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> SHOULD<33> place the Reference element specifying<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> the digest of the SignedProperties element within<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> the SignedInfo element.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Again, this sentence is non-normative. Delete it.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">> If the Reference element is<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> instead placed in a Manifest element, the containing<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">> Object element MUST have an id attribute set "idXAdESReferenceObject".to<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This sentence is needed if we would like to explicitly allow the use<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">of "idXAdESReferenceObject". But we have agreed not <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">to do so.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br>
Makoto<u></u><u></u></p>
</div>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><br>Praying for the victims of the Japan Tohoku earthquake<br><br>Makoto</div>
</div></div>