ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Extending CAdES to support usual signature upgrading to CAdES -T and further

2008-06-04 01:54:23
from [Pope, Nick] [Permanent Link] 
Pavel,

 

I personally have some sympathy for your view.  I will add this issue to
those for discussion at the next ETSI meeting later in June.

 

Nick

 

 

-----Original Message-----
From: Pavel V. Smirnov [mailto:spv(_at_)cryptopro(_dot_)ru] 
Sent: 26 May 2008 11:50
To: 'Pope, Nick'; ESI(_at_)LIST(_dot_)ETSI(_dot_)ORG; 
ietf-smime(_at_)imc(_dot_)org
Subject: Extending CAdES to support usual signature upgrading to CAdES-T and
further

 

Hello all and personally Nick,

 

In current CAdES wording a regular signature without at least one signed
attribute (Signing certificate reference) cannot be added with timestamps
and validation data to achieve CAdES-T or more advanced CAdES signature.
This need arises, e.g., in a system with existing regular signatures. There
is no chance to add the required attribute to the already computed
signature, but there is a strong need to add CAdES properties to such
signatures.

 

There is rather simple approach to achieve the same properties without
including signing certificate reference as a signed attribute. Let us
include this reference as an extension in the CAdES-T timestamp (signature
timestamp). To get such timestamp one would need to include this extension
in a timestamp request and a TSA would have to shift this extension to a
timestamp token.

 

Let us define the proposed extension to a timestamp protocol and call the
signature we get a valid CAdES-T signature. More advanced CAdES signature
types turn out from this new CAdES-T perfectly without any modification.
What do you think?

 

Pavel Smirnov

Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW:  <http://www.cryptopro.ru/> http://www.CryptoPro.ru
e-mail:  <mailto:spv(_at_)CryptoPro(_dot_)ru> spv(_at_)CryptoPro(_dot_)ru

 

Consider the environment before printing this mail.
"Thales e-Security Limited is incorporated in England and Wales with company
registration number 2518805. Its registered office is located at 2 Dashwood
Lang Road, The Bourne Business Park, Addlestone, Nr. Weybridge, Surrey KT15
2NX.
The information contained in this e-mail is confidential. It may also be
privileged. It is only intended for the stated addressee(s) and access to it
by any other person is unauthorised. If you are not an addressee or the
intended addressee, you must not disclose, copy, circulate or in any other
way use or rely on the information contained in this e-mail. Such
unauthorised use may be unlawful. If you have received this e-mail in error
please delete it (and all copies) from your system, please also inform us
immediately on +44 (0)1844 201800 or email 
postmaster(_at_)thales-esecurity(_dot_)com(_dot_)
Commercial matters detailed or referred to in this e-mail are subject to a
written contract signed for and on behalf of Thales e-Security Limited".
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Protocol Action: 'Multiple Signatures in S/MIME' to Proposed Standard, The IESG
Next by Date:  RE: CAdES. Storing validation data., Pope, Nick
Previous by Thread:  Protocol Action: 'Multiple Signatures in S/MIME' to Proposed Standard, The IESG
Next by Thread:  RE: Extending CAdES to support usual signature upgrading to CAdES-T and further, Peter Rybar
Indexes:  [Date] [Thread] [Top] [All Lists]