This is not a comment on the proposed draft text, but rather a question as
to
whether the issue discussed below should be addressed by adding another
"enhanced service" to ESS or rather to consider a separate draft.
The inclination is to keep it separate to avoid delaying ESS-bis, but it MAY
logically fit within ESS...
The response to this e-mail could be:
1. Lets add a section to ESS to address this issue.
2. Issue sounds interesting but it should be proposed as a separate draft
and
we'll look at it.
3. This can already be done with "XYZ".
4. Not interested (silence).
the ad-hoc techniques od RFC 3126 adding time stamps are one point.
As far as I remember there is also the possibility in PKCS9 to add a
'contenttype'
structure as an attribute of whatever attesttion a 'signature validation'
service
(e.g. RFC 3029) can produce.
Also, The topic of validation of signed documents seems to be part of
the ltans group (notarisation). A binding of to a concrete
field in CMS/ESS signedData as an attribute or so seems useful to me
but to do this as generic as possible.
What may fit logically into ESS seems to me is an 'extended rule for validation'
of such structures, similar to the rule to validate ESSSigningCertificate.