Grace Period for XAdES

Jim Thatcher Jim.Thatcher at microsoft.com
Thu May 15 12:19:30 CEST 2014


The scenario that this two-step process addresses is the inherent lag between the time that a signing certificate is compromised and the time that the revocation of that compromised certificate is published in the CRL. Regardless of how promptly a compromise is detected, reported, and the updated CRL is published, there will be some non-zero interval of time during which the certificate might be used to sign documents. Signatures generated before the certificate was compromised (or, more likely, up to the time that the certificate was last known to be uncompromised, since the exact time of compromise is often unknown) should be recognized as valid, and any signatures generated after the updated CRL is published can be authoritatively determined to be invalid, but any that are signed in the interim are suspect. The grace period for a given signature system will account for the expected maximum interval between compromise and detection, between detection and reporting, and between reporting and appearing in a published CRL. By checking the CRL again after the grace period expires, the relying party can have a very high confidence that the signature is valid if the signing certificate is still not in the CRL.

Regards,
Jim

From: eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] On Behalf Of MURATA Makoto
Sent: Thursday, May 15, 2014 3:48 AM
To: SC34
Subject: Grace Period for XAdES

Dear colleagues,

In the last teleconference, somebody asked why long-term
digital signature requires two steps.

I am not at all an expert, but I forwarded the question
to my colleagues.  I learned that the "grace period" is
the reason.  After completing the first step, we have to
wait for a while and then complete the second step.

The "grace period" is to make sure that revocation
information from the CA is appropriate.

Let me quote a few sentences from "Draft EN 319 132-1
V0.0.4 (2013-11)" of XAdES.

When using CRLs to get revocation information, a verifier
will have to make sure that he or she gets at the time of the
first validation the appropriate certificate revocation information
from the signer's CA. Usually this is done as soon as
possible, after the grace period, to minimize the time delay
between the generation and validation of the signature.

Regards,
Makoto
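
The two-step check discussed in this thread, as an added Python example that is not part of either message or of the XAdES draft. It assumes the signing time comes from a trusted time-stamp and uses a 24-hour grace period; `CrlSnapshot`, `check_signature` and all sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CrlSnapshot:
    this_update: datetime   # issue time of this CRL (its thisUpdate field)
    revoked: dict           # certificate serial -> revocation date

def check_signature(signing_time, serial, crl, grace_period):
    """Classify a signature against one CRL: INVALID, WAIT or VALID.

    signing_time is assumed to come from a trusted time-stamp,
    not from the signer's own clock.
    """
    revoked_at = crl.revoked.get(serial)
    if revoked_at is not None and revoked_at <= signing_time:
        return "INVALID"   # certificate was already revoked when it signed
    if crl.this_update < signing_time + grace_period:
        return "WAIT"      # CRL too early to reflect a compromise near signing
    return "VALID"         # post-grace-period CRL shows no earlier revocation

# Constructed sample data (not from the thread).
GRACE = timedelta(hours=24)   # assumed policy value
SIGNED = datetime(2014, 5, 15, 10, 0, tzinfo=timezone.utc)
SERIAL = 0x1A2B               # constructed serial number

# Step 1: CRL fetched shortly after signing; certificate not listed.
crl_step1 = CrlSnapshot(SIGNED + timedelta(hours=1), {})
# Step 2, clean: CRL issued after the grace period; still not listed.
crl_clean = CrlSnapshot(SIGNED + timedelta(hours=25), {})
# Step 2, revoked: compromise was reported late; the revocation date
# falls two hours before the signature.
crl_revoked = CrlSnapshot(SIGNED + timedelta(hours=25),
                          {SERIAL: SIGNED - timedelta(hours=2)})

if __name__ == "__main__":
    for name, crl in [("step 1", crl_step1),
                      ("step 2, clean", crl_clean),
                      ("step 2, revoked", crl_revoked)]:
        print(name, "->", check_signature(SIGNED, SERIAL, crl, GRACE))
```

The step 1 result is only provisional: the same signature ends up VALID or INVALID depending on what the CRL issued after the grace period contains.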