ietf-smime

Re: Extending CAdES to support usual signature upgrading to CAdES-T and further

2008-05-26 05:28:16
CAdES requires the signing certificate reference. This is not going to change.

You would like to time-stamp non-CAdES signatures. You can certainly do this, 
but do not call this CAdES-T.
Placing the reference in the time-stamp token would not provide the same 
protection.

Regards,

Denis

Denis Pinkas, denis(_dot_)pinkas(_at_)bull(_dot_)net
2008-05-26 
----- Received message -----
From: owner-ietf-smime
To: 'Pope,Nick',ESI,ietf-smime
Date: 2008-05-26, 12:50:13
Subject: Extending CAdES to support usual signature upgrading to CAdES-T and further


Hello all and personally Nick,

In the current CAdES wording a regular signature without at least one signed 
attribute (Signing certificate reference) cannot be added with timestamps and 
validation data to achieve CAdES-T or more advanced CAdES signature. This need 
arises, e.g., in a system with existing regular signatures. There is no chance 
to add the required attribute to the already computed signature, but there is a 
strong need to add CAdES properties to such signatures.

There is a rather simple approach to achieve the same properties without 
including the signing certificate reference as a signed attribute. Let us include 
this reference as an extension in the CAdES-T timestamp (signature timestamp). 
To get such a timestamp one would need to include this extension in a timestamp 
request and a TSA would have to shift this extension to a timestamp token.

Let us define the proposed extension to a timestamp protocol and call the 
signature we get a valid CAdES-T signature. More advanced CAdES signature types 
turn out from this new CAdES-T perfectly without any modification. What do you 
think?

Pavel Smirnov
Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW: http://www.CryptoPro.ru
e-mail: spv(_at_)CryptoPro(_dot_)ru