Japanese position on the introduction of XAdES to 29500-2
MURATA Makoto
eb2m-mrt at asahi-net.or.jp
Mon May 19 11:36:45 CEST 2014
Dear colleagues,
XAdES experts (Kimura, Miyachi, and Miyazaki) attended the
last meeting of the Japanese SC34 mirror. Here is our position
on the introduction of XAdES to OPC.
- Reference ISO 14533-2, which provides two
conformance levels of XAdES.
- Introduce two conformance levels of OPC. One is
based on XAdES-T while the other, XAdES-A.
- Allow validation restricted to XAdES-T and also
allow validation including XAdES-A.
- Introduce an informative annex for depicting the
workflow around long-term digital signature. It
should describe the grace period clearly.
- Introduce a remedy for compromised hash algorithms.
Since OPC uses ds:Manifest, such compromise allows
potential attacks to XAdES signatures. D.14 of the
latest draft of XAdES fro ETSI (see
http://docbox.etsi.org/esi/Open/Latest_Drafts/prEN-319132-1v004-XAdES-core-STABLE-DRAFT.pdf)
already introduces such a remedy.
- Make clear which option of XAdES is allowed and which
is disallowed in OPC. For example, are counter
signatures allowed?
Regards,
Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20140519/082c5ab9/attachment.html>
More information about the sc34wg4
mailing list