Digital signature terminology

MURATA Makoto eb2m-mrt at asahi-net.or.jp
Tue Jan 23 11:26:15 CET 2018


Folks,

In the terminology of XML digital signatures, validation does not mean
the test of documents using schemas.  Rather, validation means
checking whether documents are modified after they are signed.  This
validation is called "core validation".

Core validation has two steps.  The first step checks whether digest
values are correct.  The second step checks whether digital signatures
created from digest values are correct.  The first step is called
"reference validation", while the second step is called "signature
validation".

So, we should not use "signature validation" for the entire process of
checking whether documents are modified after it is signed.

Likewise, we should not use "signature generation" for the process of
signing documents.

We could use "core validation" and "core generation", as defined in
XML digital signatures.  But these terms are confusing in the context
of OPC.  What is more, OPC introduces some OPC-specific substeps (in
a conformant way).

I am wondering if we should rather "OPC digital signature generation"
and  "OPC digital signature validation".  How do people feel?

Regards,
Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20180123/e9ed54cb/attachment.html>


More information about the sc34wg4 mailing list