XAdES elements in OFF-CRYPTO of Microsoft

MURATA Makoto eb2m-mrt at asahi-net.or.jp
Thu Jan 15 14:19:33 CET 2015


Miyachi-san believes that the quoted paragraphs
allow five levels of XAdES (EPES, T, C, X, X-L)
and mandate C and X.  He thinks
that they should be optional.

Furthermore, as agreed in Kyoto, we should allow
EPES/BES, T, X-L, and A.

Regards,
Makoto

2014-12-27 18:21 GMT+09:00 MURATA Makoto <eb2m-mrt at asahi-net.or.jp>:

> Dear colleagues,
>
> We have already agreed not to introduce
> SignatureInfoV1.  The rest of XAdES elements
> in OFF-CRYPTO is described in the following
> subsection.  We probably have to tweak this
> subsection since we would like to allow all
> conformance levels of XAdES.
>
> Regards,
> Makoto
>
>
> 2.5.2.6 XAdES Elements
>
> XML Advanced Electronic Signatures [XAdES]
> extensions to xmldsig signatures MAY<32> be present
> in either binary or ECMA-376 documents [ECMA-376]
> when using xmldsig signatures. XAdES-EPES through
> XAdES-X-L extensions are specified within a
> signature. Unless otherwise specified, any optional
> elements as specified in [XAdES] are ignored.  The
> Object element containing the information as
> specified in [XAdES] has a number of optional
> elements, and many of the elements have more than
> one method specified. A document compliant with this
> file format uses the following options:
>
> - The SignedSignatureProperties element MUST contain
>   a SigningCertificate property as specified in
>   [XAdES] section 7.2.2.
>
> - A SigningTime element MUST be present as specified
>   in [XAdES] section 7.2.1.
>
> - A SignaturePolicyIdentifier element MUST be
>   present as specified in [XAdES] section 7.2.3.
>
> - If the information as specified in [XAdES]
>   contains a time stamp as specified by the
>   requirements for XAdES-T, the time stamp
>   information MUST be specified as an
>   EncapsulatedTimeStamp element containing DER
>   encoded ASN.1. data.
>
> - If the information as specified in [XAdES]
>   contains references to validation data, the
>   certificates used in the certificate chain, except
>   for the signing certificate (1), MUST be contained
>   within the CompleteCertificateRefs element as
>   specified in [XAdES] section 7.4.1. In addition,
>   for the signature to be considered a well-formed
>   XAdES-C signature, a CompleteRevocationRefs
>   element MUST be present, as specified in [XAdES]
>   section 7.4.2.
>
> - If the information as specified in [XAdES]
>   contains time stamps on references to validation
>   data, the SigAndRefsTimestamp element as specified
>   in [XAdES] section 7.5.1 and [XAdES] section
>   7.5.1.1 MUST be used. The SigAndRefsTimestamp
>   element MUST specify the time stamp information as
>   an EncapsulatedTimeStamp element containing DER
>   encoded ASN.1. data.
>
> - If the information as specified in [XAdES]
>   contains properties for data validation values,
>   the CertificateValues and RevocationValues
>   elements MUST be constructed as specified in
>   [XAdES] section 7.6.1 and [XAdES] section
>   7.6.2. Except for the signing certificate (1), all
>   certificates used in the validation chain MUST be
>   entered into the CertificateValues element.
>
> There MUST be a Reference element specifying the
> digest of the SignedProperties element, as specified
> in [XAdES], section 6.2.1. A Reference element is
> placed in one of two parent elements, as specified
> in [XMLDSig]:
>
> - The SignedInfo element of the top-level Signature
>   XML.
>
> - A Manifest element contained within an Object
>   element.
>
> A document compliant with this file format
> SHOULD<33> place the Reference element specifying
> the digest of the SignedProperties element within
> the SignedInfo element. If the Reference element is
> instead placed in a Manifest element, the containing
> Object element MUST have an id attribute set to
> "idXAdESReferenceObject".
>



-- 

Praying for the victims of the Japan Tohoku earthquake

Makoto
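The quoted subsection 2.5.2.6 lists structural MUSTs (SigningCertificate, SigningTime and SignaturePolicyIdentifier in SignedSignatureProperties; EncapsulatedTimeStamp for the T and X time stamps; CompleteRevocationRefs paired with CompleteCertificateRefs; RevocationValues paired with CertificateValues; a Reference to SignedProperties in SignedInfo or in a Manifest inside an Object with id "idXAdESReferenceObject") and implicitly defines which XAdES level a signature reaches. The checker below is an added example written for this thread; it is not code from the mailing list, from MS-OFFCRYPTO or from ETSI. It assumes the XAdES 1.3.2 namespace, uses the schema spelling SigAndRefsTimeStamp (the quoted text writes SigAndRefsTimestamp), accepts either Id or id on the Object, and runs on a constructed sample signature whose digest, signature and certificate values are placeholders. It checks structure only; it performs no cryptographic verification.

```python
"""Structural audit of XAdES elements in an xmldsig signature against the
OFF-CRYPTO rules quoted in the thread. Added example, not project code."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"   # assumed XAdES version
NS = {"ds": DS, "xades": XADES}
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"
QP = "ds:Object/xades:QualifyingProperties/"
SSP = QP + "xades:SignedProperties/xades:SignedSignatureProperties"
USP = QP + "xades:UnsignedProperties/xades:UnsignedSignatureProperties"


def _has(node, path):
    return node is not None and node.find(path, NS) is not None


def xades_level(sig):
    """Highest cumulative level (BES/EPES, T, C, X, X-L) reached structurally."""
    usp = sig.find(USP, NS)
    level = "EPES" if _has(sig, SSP + "/xades:SignaturePolicyIdentifier") else "BES"
    if not _has(usp, "xades:SignatureTimeStamp"):
        return level
    level = "T"
    if not (_has(usp, "xades:CompleteCertificateRefs") and _has(usp, "xades:CompleteRevocationRefs")):
        return level
    level = "C"
    if not (_has(usp, "xades:SigAndRefsTimeStamp") or _has(usp, "xades:RefsOnlyTimeStamp")):
        return level
    level = "X"
    if _has(usp, "xades:CertificateValues") and _has(usp, "xades:RevocationValues"):
        level = "X-L"
    return level


def offcrypto_problems(sig):
    """Return a list of violated MUSTs from the quoted subsection 2.5.2.6."""
    problems = []
    ssp = sig.find(SSP, NS)
    if ssp is None:
        return ["SignedSignatureProperties missing"]
    for name in ("SigningCertificate", "SigningTime", "SignaturePolicyIdentifier"):
        if not _has(ssp, "xades:" + name):
            problems.append(f"{name} MUST be present in SignedSignatureProperties")
    usp = sig.find(USP, NS)
    if usp is not None:
        # T and X time stamps must be DER tokens in EncapsulatedTimeStamp, not XMLTimeStamp
        for ts in ("SignatureTimeStamp", "SigAndRefsTimeStamp"):
            for el in usp.findall("xades:" + ts, NS):
                if not _has(el, "xades:EncapsulatedTimeStamp"):
                    problems.append(f"{ts} MUST carry an EncapsulatedTimeStamp")
        if _has(usp, "xades:CompleteCertificateRefs") and not _has(usp, "xades:CompleteRevocationRefs"):
            problems.append("CompleteRevocationRefs MUST accompany CompleteCertificateRefs (XAdES-C)")
        if _has(usp, "xades:CertificateValues") and not _has(usp, "xades:RevocationValues"):
            problems.append("RevocationValues MUST accompany CertificateValues (XAdES-X-L)")
    # The Reference covering SignedProperties: SignedInfo preferred, Manifest allowed
    sp = sig.find(QP + "xades:SignedProperties", NS)
    sp_uri = "#" + sp.get("Id", "") if sp is not None else None

    def is_sp_ref(ref):
        return ref.get("Type") == SIGNED_PROPS_TYPE or ref.get("URI") == sp_uri

    if not any(is_sp_ref(r) for r in sig.findall("ds:SignedInfo/ds:Reference", NS)):
        found = False
        for obj in sig.findall("ds:Object", NS):
            if any(is_sp_ref(r) for r in obj.findall("ds:Manifest/ds:Reference", NS)):
                found = True
                if (obj.get("Id") or obj.get("id")) != "idXAdESReferenceObject":
                    problems.append("Object holding the Manifest Reference MUST have id idXAdESReferenceObject")
        if not found:
            problems.append("No Reference to SignedProperties in SignedInfo or any Manifest")
    return problems


def audit(xml_text):
    sig = ET.fromstring(xml_text)
    return xades_level(sig), offcrypto_problems(sig)


# Constructed XAdES-T sample; values are placeholders, not a real signature.
SAMPLE_T = f"""<ds:Signature xmlns:ds="{DS}" xmlns:xades="{XADES}" Id="idPackageSignature">
  <ds:SignedInfo>
    <ds:Reference URI="#idSignedProperties" Type="{SIGNED_PROPS_TYPE}"><ds:DigestValue>AA==</ds:DigestValue></ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>AA==</ds:SignatureValue>
  <ds:Object><xades:QualifyingProperties Target="#idPackageSignature">
    <xades:SignedProperties Id="idSignedProperties"><xades:SignedSignatureProperties>
      <xades:SigningTime>2015-01-15T14:19:33Z</xades:SigningTime>
      <xades:SigningCertificate/>
      <xades:SignaturePolicyIdentifier/>
    </xades:SignedSignatureProperties></xades:SignedProperties>
    <xades:UnsignedProperties><xades:UnsignedSignatureProperties>
      <xades:SignatureTimeStamp><xades:EncapsulatedTimeStamp>AA==</xades:EncapsulatedTimeStamp></xades:SignatureTimeStamp>
    </xades:UnsignedSignatureProperties></xades:UnsignedProperties>
  </xades:QualifyingProperties></ds:Object>
</ds:Signature>"""

# Same sample with the policy identifier dropped and an XML time stamp instead of a DER one.
SAMPLE_BAD = (SAMPLE_T.replace("<xades:SignaturePolicyIdentifier/>", "")
              .replace("xades:EncapsulatedTimeStamp", "xades:XMLTimeStamp"))

if __name__ == "__main__":
    for label, doc in (("good", SAMPLE_T), ("bad", SAMPLE_BAD)):
        level, problems = audit(doc)
        print(label, level, problems or "compliant")
```

Running the module prints the level and the violated MUSTs for both samples. Used on a real package signature part, the level it reports is exactly what the thread is arguing about: a signature that stops at T or jumps to X-L without C and X references would be flagged only by the pairing rules, not by any rule that mandates C or X as such.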