OPC revision on top of XAdES 319 132-1 and -2

John Haug johnhaug at exchange.microsoft.com
Wed Apr 8 01:04:28 CEST 2015


> It uses a new namespaces for many of the existing elements.  Thus,
data conforming to XAdES 101 903 (such as exisiting
OFF-CRYPTO XAdES) will never conform to XAdES 319 132.

This is a good point to raise.  Do we want to preclude the existing in-market XAdES from being used in OPC?  I think that may not be a good idea.  At this point, the new XAdES is still a draft and will take some years to be approved by EU member states plus quite some years to possibly be adopted by industry.  I can see allowing for the possibility of the new version, but I don’t think we ought to prevent the current method from being used, even though it does have shortcomings addressed by the new version.  I think any OPC-specific requirements we add can be specified in a manner that is XAdES version agnostic.  For example, the ones in the draft text we looked at in Bellevue that were based on MS-OFFCRYPTO and ODF.  I think the normative references could allow both XAdES.  This is a good topic for broader discussion.

John

From: eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] On Behalf Of MURATA Makoto
Sent: Saturday, April 4, 2015 6:30 AM
To: SC34
Subject: Re: OPC revision on top of XAdES 319 132-1 and -2

I wrote:

Q3: Should we introduce a new value for
ds:Reference/@Type?  (My two cents: Yes)
But this is mistaken.  Both the new and legacy
versions of XAdES use
http://uri.etsi.org/01903#SignedProperties
We have to use it.

John left a comment on 12.6 (Generating Signatures) amd 12.7
(Validating Signatures) on his draft text for incorporating XAdES.
His comment is:

      Does anything need to change here for XAdES?

Meanwhile, the new version of XAdES clearly says (in the Scope):

  Procedures for creation and validation of XAdES
  digital signatures are out of scope and specified in EN 319 102

So, the incorporation of XAdES does not require any changes to these
clauses.

Regards,
Makoto

2015-04-01 9:16 GMT+09:00 MURATA Makoto <eb2m-mrt at asahi-net.or.jp<mailto:eb2m-mrt at asahi-net.or.jp>>:
Dear colleagues,

I reported the result of the Seattle meeting to XAdES
experts in Japan.  They are happy to hear that SC34 and
ETSI are likely to work together.  I spoke with Kimura-san
and find that another committee in ETSI become a liaison of
another JTC1 committee recently by submitting a document to
JTC1.  I sent that document to Juan and requested his
committee to submit it to JTC1.

I believe that we should use the upcoming version of XAdES
(319 132-1 [1] and 132-2 [2]) rather than the current
version (101 903) as a basis of our OPC revision.  It uses
a new namespaces for many of the existing elements.  Thus,
data conforming to XAdES 101 903 (such as exisiting
OFF-CRYPTO XAdES) will never conform to XAdES 319 132.

One of the issues in XAdES 101 903 is that the
relationships among conformance levels is very unclear.
XAdES 319 132 is much better than that.  It now makes clear
which conformnace level requires which element in Annexes.

But what should our spec look like?  Here are some questions.

Q1: Shoulld we reference both 319 132-1 and 132-2?  (My two cents: Yes)

Q2: Should we introduce a new value  for Object/@Id?  (My two cents: No)

Q3: Should we introduce a new value for ds:Reference/@Type?  (My two cents: Yes)

Q4: Should we introduce some additional requirements on XAdES by
    eliminating some options?  (I have no ideas here.)

Regards,
Makoto

[1] http://docbox.etsi.org/ESI/Open/Latest_Drafts/prEN-319132-1v009-XAdES-BuildingBlocksAndBaselineSignatures-STABLE-DRAFT.pdf
[2] http://docbox.etsi.org/ESI/Open/Latest_Drafts/prEN-319132-2v009-XAdES-ExtendedSignatures-STABLE-DRAFT.pdf



--

Praying for the victims of the Japan Tohoku earthquake

Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20150407/8129b9f5/attachment.html>


More information about the sc34wg4 mailing list