Hello all and personally Nick,
In the current CAdES wording a regular signature without at least one signed
attribute (Signing certificate reference) cannot be added with timestamps
and validation data to achieve CAdES-T or more advanced CAdES signature.
This need arises, e.g., in a system with existing regular signatures. There
is no chance to add the required attribute to the already computed
signature, but there is a strong need to add CAdES properties to such
signatures.
There is a rather simple approach to achieve the same properties without
including signing certificate reference as a signed attribute. Let us
include this reference as an extension in the CAdES-T timestamp (signature
timestamp). To get such a timestamp one would need to include this extension
in a timestamp request and a TSA would have to shift this extension to a
timestamp token.
Let us define the proposed extension to a timestamp protocol and call the
signature we get a valid CAdES-T signature. More advanced CAdES signature
types turn out from this new CAdES-T perfectly without any modification.
What do you think?
Pavel Smirnov
Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW: http://www.CryptoPro.ru
e-mail: spv(_at_)CryptoPro(_dot_)ru
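
Added example, not part of the original message or of any CAdES or TSA implementation: a simplified Python model of the exchange proposed above, showing the check a verifier would need so that the signer's certificate cannot be swapped once the reference lives in the timestamp token instead of the signed attributes. Assumptions: the extension name `EXT_ID` is hypothetical (the message defines no identifier), dictionaries stand in for the ASN.1 structures, and an HMAC stands in for the TSA's signature over the token.

```python
import hashlib
import hmac
import json

EXT_ID = "example-signing-cert-ref"  # hypothetical; the proposal defines no OID
TSA_KEY = b"constructed-tsa-key"     # HMAC stands in for the TSA's real signature

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_request(signature_value, signer_cert_der):
    """Requester: imprint over the signature value, certificate reference as extension."""
    return {"messageImprint": sha256(signature_value),
            "extensions": {EXT_ID: sha256(signer_cert_der)}}

def mac_over(tst_info):
    body = json.dumps(tst_info, sort_keys=True).encode()
    return hmac.new(TSA_KEY, body, hashlib.sha256).hexdigest()

def tsa_issue(request, gen_time):
    """TSA: copy the request extension into the token body, then protect the whole body."""
    tst_info = {"messageImprint": request["messageImprint"],
                "genTime": gen_time,
                "extensions": dict(request["extensions"])}
    return {"tstInfo": tst_info, "mac": mac_over(tst_info)}

def verify(token, signature_value, candidate_cert_der):
    """Verifier: return "ok" or the reason the binding fails."""
    tst = token["tstInfo"]
    if not hmac.compare_digest(token["mac"], mac_over(tst)):
        return "token integrity failure"
    if tst["messageImprint"] != sha256(signature_value):
        return "timestamp does not cover this signature"
    ref = tst["extensions"].get(EXT_ID)
    if ref is None:
        return "no signing certificate reference"
    if ref != sha256(candidate_cert_der):
        return "certificate does not match reference"
    return "ok"

# Constructed sample inputs (not real signature or certificate encodings).
SIG = b"constructed signature value"
CERT_A = b"constructed DER of the signer certificate"
CERT_B = b"constructed DER of a different certificate"

if __name__ == "__main__":
    token = tsa_issue(build_request(SIG, CERT_A), "20240101000000Z")
    print(verify(token, SIG, CERT_A))
    print(verify(token, SIG, CERT_B))
```

In this model the reference is only as trustworthy as the party that built the request: the TSA vouches that the extension existed at `genTime`, not that the signer chose that certificate.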