OPC revision on top of XAdES 319 132-1 and -2

MURATA Makoto eb2m-mrt at asahi-net.or.jp
Wed Apr 8 15:28:06 CEST 2015 

2015-04-08 8:04 GMT+09:00 John Haug <johnhaug at exchange.microsoft.com>:

>  > It uses a new namespaces for many of the existing elements.  Thus,
>
> data conforming to XAdES 101 903 (such as exisiting
>
> OFF-CRYPTO XAdES) will never conform to XAdES 319 132.
>
>
>
> This is a good point to raise.  Do we want to preclude the existing
> in-market XAdES from being used in OPC?
>

The use of  the existing XAdES as described in OFF-CRYPTO is certainly
allowed by OPC, since OFF-CRYPTO takes advantages of extension points
of OPC (e.g., the Object element).  When we revise OPC, we should continue
to provide these extension points and continue to allow the use of the
existing
XAdES as described in OFF-CRYPTO.



> I think that may not be a good idea.  At this point, the new XAdES is
> still a draft and will take some years to be approved by EU member states
> plus quite some years to possibly be adopted by industry.  I can see
> allowing for the possibility of the new version, but I don’t think we ought
> to prevent the current method from being used, even though it does have
> shortcomings addressed by the new version.  I think any OPC-specific
> requirements we add can be specified in a manner that is XAdES version
> agnostic.  For example, the ones in the draft text we looked at in Bellevue
> that were based on MS-OFFCRYPTO and ODF.  I think the normative references
> could allow both XAdES.  This is a good topic for broader discussion.
>

We have to distinguish two things: (A) the use of XAdES is allowed, and
(B) conventions for using XAdES are standardized.  To do (A), we only
have to provide extension points.  To do (B), we have to reference XAdES
specs and introduce normative sentences.

I think that we need (A1) and (B1) shown below:

   (A1) the use of the existing XAdES is allowed,

   (B1) conventions for using the upcoming XAdES are standardized

Does this sound reasonable?

Regards,
Makoto

>
>
> John
>
>
>
> *From:* eb2mmrt at gmail.com [mailto:eb2mmrt at gmail.com] *On Behalf Of *MURATA
> Makoto
> *Sent:* Saturday, April 4, 2015 6:30 AM
> *To:* SC34
> *Subject:* Re: OPC revision on top of XAdES 319 132-1 and -2
>
>
>
> I wrote:
>
>
>
> Q3: Should we introduce a new value for
> ds:Reference/@Type?  (My two cents: Yes)
>
> But this is mistaken.  Both the new and legacy
> versions of XAdES use
> http://uri.etsi.org/01903#SignedProperties
> We have to use it.
>
>
>
> John left a comment on 12.6 (Generating Signatures) amd 12.7
>
> (Validating Signatures) on his draft text for incorporating XAdES.
>
> His comment is:
>
>
>
>       Does anything need to change here for XAdES?
>
>
>
> Meanwhile, the new version of XAdES clearly says (in the Scope):
>
>
>
>   Procedures for creation and validation of XAdES
>
>   digital signatures are out of scope and specified in EN 319 102
>
>
>
> So, the incorporation of XAdES does not require any changes to these
>
> clauses.
>
>
>
> Regards,
>
> Makoto
>
>
>
> 2015-04-01 9:16 GMT+09:00 MURATA Makoto <eb2m-mrt at asahi-net.or.jp>:
>
>   Dear colleagues,
>
>
>
> I reported the result of the Seattle meeting to XAdES
>
> experts in Japan.  They are happy to hear that SC34 and
>
> ETSI are likely to work together.  I spoke with Kimura-san
>
> and find that another committee in ETSI become a liaison of
>
> another JTC1 committee recently by submitting a document to
>
> JTC1.  I sent that document to Juan and requested his
>
> committee to submit it to JTC1.
>
>
>
> I believe that we should use the upcoming version of XAdES
>
> (319 132-1 [1] and 132-2 [2]) rather than the current
>
> version (101 903) as a basis of our OPC revision.  It uses
>
> a new namespaces for many of the existing elements.  Thus,
>
> data conforming to XAdES 101 903 (such as exisiting
>
> OFF-CRYPTO XAdES) will never conform to XAdES 319 132.
>
>
>
> One of the issues in XAdES 101 903 is that the
>
> relationships among conformance levels is very unclear.
>
> XAdES 319 132 is much better than that.  It now makes clear
>
> which conformnace level requires which element in Annexes.
>
>
>
> But what should our spec look like?  Here are some questions.
>
>
>
> Q1: Shoulld we reference both 319 132-1 and 132-2?  (My two cents: Yes)
>
>
>
> Q2: Should we introduce a new value  for Object/@Id?  (My two cents: No)
>
>
>
> Q3: Should we introduce a new value for ds:Reference/@Type?  (My two
> cents: Yes)
>
>
>
> Q4: Should we introduce some additional requirements on XAdES by
>
>     eliminating some options?  (I have no ideas here.)
>
>
>
> Regards,
>
> Makoto
>
>
>
> [1]
> http://docbox.etsi.org/ESI/Open/Latest_Drafts/prEN-319132-1v009-XAdES-BuildingBlocksAndBaselineSignatures-STABLE-DRAFT.pdf
>
> [2]
> http://docbox.etsi.org/ESI/Open/Latest_Drafts/prEN-319132-2v009-XAdES-ExtendedSignatures-STABLE-DRAFT.pdf
>
>
>
>
>
> --
>
>
> Praying for the victims of the Japan Tohoku earthquake
>
> Makoto
>



-- 

Praying for the victims of the Japan Tohoku earthquake

Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20150408/d1832107/attachment.html>

More information about the sc34wg4 mailing list