[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comment on draft-ietf-ltans-xmlers-03.txt (4)

To: ietf-ltans@xxxxxxxx
Subject: Comment on draft-ietf-ltans-xmlers-03.txt (4)
From: "Andreas Menke" <andreas.menke@xxxxxxxxxxxxx>
Date: Wed, 22 Jul 2009 12:08:09 +0200
List-archive: <http://www.imc.org/ietf-ltans/mail-archive/>
List-id: <ietf-ltans.imc.org>
List-unsubscribe: <mailto:ietf-ltans-request@imc.org?body=unsubscribe>
Organization: OpenLimit SignCubes GmbH
Sender: owner-ietf-ltans@xxxxxxxxxxxx
Thread-index: AcoKtFAy5+hSt01+TD6WTZXbEVYFTw==

Hello list.

There a few other points I want to tell:

1) CanonicalizationMethodType has in XMLDSIG (RFC3275) for <any> contents
modifiers minOccurs=0 and maxOccurs=unbound set. Same for DigestMethodType.
In general it is better to use the original instead of defining it twice.

2) HashTree renewal is somewhat confusing. 

	In 4.2.2 Generation it is said in 4.: 
' Calculate hash value hatsc(i) = H(ATSC(i))from binary
      representation of the previously generated and ordered
      <ArchiveTimeStampChain> elements within <ArchiveTimeStampSequence>
      element, corresponding to data object d(i).'

Is it meant	that for all previous <ArchiveTimeStampChain> elements
ordered ascending according to their order attribute, they must be
canonicalized each for its own, binary appended and then hashed with H
resulting in hash value hatsc(i).

	In 4.3 Verification it is said in 3. that:
' contains hash
      values of data object and the hash value of all preceding Archive
      Time-Stamp Chains'

This should be read as: contains the hash value h(i)' for data object i
which is build from all preceding <ArchiveTimeStampChain> elements ordered
ascending according to their order attribute, canonicalized each for its
own, binary appended and then hashed with algorithm H resulting in hash
value hatsc. h(i)' is then the hash value of the binary concatenation of
H(i) and hatsc: h(i)' = H(H(i)+hatsc).


Regards

Andreas Menke


-----------------------------
Diplom-Informatiker (Uni.)
Andreas Menke
Team Leader, Development

OPENLiMiT SignCubes GmbH
Saarbrücker Str. 38 A
D-10405 Berlin

Fon: +49 30 868 766 – 10
Fax: +49 30 868 766 – 11
andreas.menke@xxxxxxxxxxxxx
www.openlimit.com

Geschäftsführer:
Heinrich Dattler, Armin Lunkeit
Nadine Model (Prokuristin)
Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 86352 B
Finanzamt für Körperschaften II
St.-Nr. 37/155/20819
USt-ID: DE 224136339
---

Erleben Sie, wie einfach es ist, elektronisch zu unterschreiben und testen
Sie die neue Signatur-Software OpenLimit CC Sign 2.5 für 30 Tage kostenlos.
Hier downloaden:
https://www.openlimit.com/de/produkte/cc-sign/download-cc-sign-testversion.h
tml

Prev by Date: RE: Comment on draft-ietf-ltans-xmlers-03.txt (3)
Previous by thread: Comment on draft-ietf-ltans-xmlers-03.txt (3)
Index(es):
- Date
- Thread