<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2015-06-06 8:51 GMT+09:00 John Haug <span dir="ltr">&lt;<a href="mailto:johnhaug@exchange.microsoft.com" target="_blank">johnhaug@exchange.microsoft.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:Calibri,sans-serif;font-size:11pt"> </span><br></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Having re-read TS 101 903 and MS-OFFCRYPTO and the JNSA presentations, it’s possible that any implementer confusion about -XL might stem specifically from the
text of B.2, which states that it builds on -X. In its entirety:<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt">Extended long electronic signatures with time (XAdES-X-L) forms in accordance with the present document build up<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt">on XAdES-X types 1 or 2 by adding the
</span><span style="font-size:10.0pt;font-family:Courier">CertificateValues </span>
<span style="font-size:10.0pt">and </span><span style="font-size:10.0pt;font-family:Courier">RevocationValues
</span><span style="font-size:10.0pt">unsigned properties<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt">aforementioned.<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt"><u></u> </span></p></div></div></blockquote><div><br></div><div>Right. What XAdES experts say is completely different from what I interpret from the text </div><div>you quoted from the existing XAdES spec. But what they say is based on XAdES </div><div>interoperability testing on a worldwide basis.</div><div><br></div><div>Regards,</div><div>Makoto</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt"><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">The structure for the most complete XAdES-X-L, built on the most complete XAdES-X signature, is shown below.</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Now to continue trying to make sense of 101 903 vs. 319 132.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">John<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:eb2mmrt@gmail.com" target="_blank">eb2mmrt@gmail.com</a> [mailto:<a href="mailto:eb2mmrt@gmail.com" target="_blank">eb2mmrt@gmail.com</a>]
<b>On Behalf Of </b>MURATA Makoto<br>
<b>Sent:</b> Friday, June 5, 2015 3:35 PM</span></p><div><div class="h5"><br>
<b>To:</b> <a href="mailto:e-SC34-WG4@ecma-international.org" target="_blank">e-SC34-WG4@ecma-international.org</a><br>
<b>Subject:</b> Re: Japanese position on the introduction of XAdES to OPC.<u></u><u></u></div></div><p></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">John,<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">2015-06-06 7:14 GMT+09:00 John Haug &lt;<a href="mailto:johnhaug@exchange.microsoft.com" target="_blank">johnhaug@exchange.microsoft.com</a>&gt;:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">It would be handy to have a set of OOXML files with various levels of XAdES signatures…</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Agreed. But JNSA is not sure if making the existing XAdES a first-class citizen <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">(i.e., conformance without relying on extension points) rather than a second-class <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">citizen (i.e., conformance based on extension points) has enough advantages for <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">justifying the cost for preparing such a set of OOXML files and studying the <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">behaviour of MS Office. After all, EU will not care about the existing XAdES. It will care about <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">the upcoming XAdES, which is backed by <span style="color:#6a6a6a">eIDAS</span>. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">>
</span>However, JNSA experts believe that MS Office reports such signatures as errors.<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">That may be, I don’t know – I have no files to test or check with the security team.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">>
</span>disallow this behaviour thus making MS Office non-conformant<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Not so much non-conformant as simply not supporting a particular level, no? I don’t think there is
a requirement to support all levels of XAdES.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">XAdES-X-L without references to validation data and that with references to validation data are both <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">XAdES-X-L. If you support XAdES-X-L, you have to handle both of them correctly.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I’m not sure what Office does with a -A signature – I’ve never seen a file with one. I *suspect* anytime
it runs into a signature it can’t parse (either due to an error in the signature markup or finding markup it doesn’t understand), it warns the user that the signature is invalid.</span><u></u><u></u></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Makoto<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">John</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
</span><a href="mailto:eb2mmrt@gmail.com" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">eb2mmrt@gmail.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> [mailto:</span><a href="mailto:eb2mmrt@gmail.com" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">eb2mmrt@gmail.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">]
<b>On Behalf Of </b>MURATA Makoto<br>
<b>Sent:</b> Friday, June 5, 2015 2:48 PM<br>
<b>To:</b> </span><a href="mailto:e-SC34-WG4@ecma-international.org" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">e-SC34-WG4@ecma-international.org</span></a><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><br>
<b>Subject:</b> Re: Japanese position on the introduction of XAdES to OPC.<u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Please look at the page "State transitions of the XAdES profiles" in<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Lecture_on_XAdES_20140923.pdf in WG4 N 289 (in 2014). It was used in<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Kyoto.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://isotc.iso.org/livelink/livelink?func=ll&objId=16821707&objAction=Open" target="_blank">http://isotc.iso.org/livelink/livelink?func=ll&objId=16821707&objAction=Open</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">It clearly shows that XAdES-X-L (and XAdES-A) can be created from<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">XAdES-T. It is not required to create XAdES-C before creating<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">XAdES-X-L. In other words, XAdES-X-L signatures WITHOUT REFERENCES TO<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">VALIDATION DATA are perfectly legitimate XAdES signatures. However,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">JNSA experts believe that MS Office reports such signatures as errors.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">If the upcoming revision explicitly allows the use of the current<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">version of XAdES, it will disallow this behaviour thus making MS<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Office non-conformant.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I understand why this misinterpretation happened. The existing XAdES<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">specifications are extremely unclear about the relationship of<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">conformance levels. However, those who are involved in XAdES<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">implementations (and interoperability testing) agree that XAdES-X-L<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">signatures without references to validation data are perfectly<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">legitimate.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">You wrote: "I believe Microsoft Office supports all except -A."<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">What does Microsoft Office do when it receives XAdES-A? Does <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">it report an error?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Makoto<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">2015-06-06 5:39 GMT+09:00 John Haug &lt;<a href="mailto:johnhaug@exchange.microsoft.com" target="_blank">johnhaug@exchange.microsoft.com</a>&gt;:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I had to dig back through old mail with the security folks who worked on this years ago. If this is
related to the question about “validation data” and MS-OFFCRYPTO seemingly requiring –C and disallowing –T, I’m told that’s not the intent. OPC should allow whatever XAdES levels it defines; applications can choose whether to support various levels based
on their needs and industry adoption. I believe Microsoft Office supports all except -A.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">John</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
</span><a href="mailto:eb2mmrt@gmail.com" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">eb2mmrt@gmail.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> [mailto:</span><a href="mailto:eb2mmrt@gmail.com" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">eb2mmrt@gmail.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">]
<b>On Behalf Of </b>MURATA Makoto<br>
<b>Sent:</b> Saturday, May 30, 2015 1:48 AM<br>
<b>To:</b> John Haug<br>
<b>Cc:</b> </span><a href="mailto:e-SC34-WG4@ecma-international.org" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">e-SC34-WG4@ecma-international.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
<b>Subject:</b> Re: Japanese position on the introduction of XAdES to OPC.</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">2015-05-29 3:21 GMT+09:00 John Haug &lt;<a href="mailto:johnhaug@exchange.microsoft.com" target="_blank">johnhaug@exchange.microsoft.com</a>&gt;:<u></u><u></u></p>
<div>
<div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">>
</span>Then, we will have two sets of conventions: Microsoft XAdES and the revised OPC. They are unlikely to be identical.<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I think this is the crux of what we need to figure out in detail. My impression is that XAdES hasn’t
changed terribly in its markup details, which would allow OPC to make restricting statements that would apply equally to current and upcoming XAdES. I may be wrong. Though if the differences are minor, we may simply note something like: for TS 101 903: foo,
and for EN 319 132: bar. We have a proposed set of requirements based on TS 101 903 in a draft we looked at in Bellevue, very similar to both MS-OFFCRYPTO and ODF 1.2, which we could evaluate against the latest draft of EN 319 132 to get a better idea of
this.</span><u></u><u></u></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The conventions on the use of the current XAdES, if standardized <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">as part of the OPC revision, would allow XAdES-A as well as -L/-X-L without <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">-C. (This is the right thing to do.) But how does Microsoft Office as of now<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> handle them?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">JNSA experts believe that Microsoft Office cannot handle -L/-X-L without -C.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">In other words, standardizing the conventions on the use of the <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">current XAdES may make Microsoft Office non-conformant.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Makoto<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<p class="MsoNormal">--
<u></u><u></u></p>
<div>
<p class="MsoNormal"><br>
Praying for the victims of the Japan Tohoku earthquake<br>
<br>
Makoto<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<p class="MsoNormal"><br>
Praying for the victims of the Japan Tohoku earthquake<br>
<br>
Makoto<u></u><u></u></p>
</div>
</div>
</div>
</div></div></div>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><br>Praying for the victims of the Japan Tohoku earthquake<br><br>Makoto</div>
</div></div>
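<p>Added example, not part of the thread and not code from any participant, MS Office or a XAdES library: a sketch of how a verifier could classify a signature's XAdES form from its unsigned properties, and how a literal reading of B.2 (X-L requires the references to validation data) differs from the reading described in the thread (X-L built directly on -T). Element names are those of TS 101 903; <code>classify_xades</code>, <code>accepts</code> and <code>sample</code> are hypothetical names, the form rules are simplified, and the sample XML is constructed and carries no real signature.</p>

```python
import xml.etree.ElementTree as ET

# Added illustration, not code from the thread. Element names are the
# TS 101 903 unsigned properties; matching is by local name only.
NS = "http://uri.etsi.org/01903/v1.3.2#"
REFS = {"CompleteCertificateRefs", "CompleteRevocationRefs"}      # added by -C
REFS_TS = {"SigAndRefsTimeStamp", "RefsOnlyTimeStamp"}            # added by -X
VALUES = {"CertificateValues", "RevocationValues"}                # added by -X-L


def _local(tag):
    return tag.rsplit("}", 1)[-1]


def classify_xades(xml_text):
    """Return (form, has_refs) from the UnsignedSignatureProperties children."""
    # For untrusted input, parse with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    props = set()
    for el in root.iter():
        if _local(el.tag) == "UnsignedSignatureProperties":
            props = {_local(child.tag) for child in el}
    has_refs = REFS <= props
    stamped = "SignatureTimeStamp" in props
    if "ArchiveTimeStamp" in props:
        form = "XAdES-A"
    elif stamped and VALUES <= props:
        form = "XAdES-X-L"          # refs to validation data are optional here
    elif has_refs and props & REFS_TS:
        form = "XAdES-X"
    elif has_refs and stamped:
        form = "XAdES-C"
    elif stamped:
        form = "XAdES-T"
    else:
        form = "XAdES-BES/EPES"
    return form, has_refs


def accepts(xml_text, require_refs_for_xl):
    """Hypothetical verifier policy: literal B.2 reading vs. the thread's."""
    form, has_refs = classify_xades(xml_text)
    return not (form == "XAdES-X-L" and require_refs_for_xl and not has_refs)


def sample(*names):
    """Build a constructed QualifyingProperties skeleton (no real signature)."""
    qp = ET.Element(f"{{{NS}}}QualifyingProperties")
    up = ET.SubElement(qp, f"{{{NS}}}UnsignedProperties")
    usp = ET.SubElement(up, f"{{{NS}}}UnsignedSignatureProperties")
    for name in names:
        ET.SubElement(usp, f"{{{NS}}}{name}")
    return ET.tostring(qp, encoding="unicode")
```

<p>A verifier running with <code>require_refs_for_xl=True</code> rejects the X-L-on-T case that one running with <code>False</code> accepts, which is the interoperability gap the thread discusses.</p>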