Hello all and personally Nick,

In the current CAdES wording, a regular signature without at least one signed attribute (Signing certificate reference) cannot be added with timestamps and validation data to achieve CAdES-T or a more advanced CAdES signature. This need arises, e.g., in a system with existing regular signatures. There is no chance to add the required attribute to the already computed signature, but there is a strong need to add CAdES properties to such signatures.

There is a rather simple approach to achieve the same properties without including the signing certificate reference as a signed attribute. Let us include this reference as an extension in the CAdES-T timestamp (signature timestamp). To get such a timestamp, one would need to include this extension in a timestamp request, and a TSA would have to shift this extension to a timestamp token.

Let us define the proposed extension to a timestamp protocol and call the signature we get a valid CAdES-T signature. More advanced CAdES signature types turn out from this new CAdES-T perfectly without any modification.

What do you think?

Pavel Smirnov
Crypto-Pro
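The following sketch is an added example, not part of the original message and not Crypto-Pro's code: it builds an RFC 3161 TimeStampReq over a signature value with the certificate reference carried as a request extension, and shows the verifier-side check that a substituted certificate does not match the reference echoed in the token. Assumptions: the reference is encoded as SigningCertificateV2 with a SHA-256 ESSCertIDv2, the extension OID is the placeholder 2.999.1 (the message defines none), and the TSA copies the extension into the token byte for byte.

```python
import hashlib
import hmac

# DER of AlgorithmIdentifier { id-sha256 } (2.16.840.1.101.3.4.2.1, parameters absent).
SHA256_ALG = bytes.fromhex("300b0609608648016503040201")
# Placeholder OID 2.999.1 from the example arc: the message defines no OID for the extension.
PLACEHOLDER_EXT_OID = bytes.fromhex("0603883701")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def signing_cert_ext(cert_der: bytes) -> bytes:
    """Extension carrying SigningCertificateV2 with one ESSCertIDv2 (SHA-256 default omitted)."""
    ess_cert_id = der(0x30, der(0x04, hashlib.sha256(cert_der).digest()))
    signing_cert = der(0x30, der(0x30, ess_cert_id))
    return der(0x30, PLACEHOLDER_EXT_OID + der(0x04, signing_cert))

def build_timestamp_req(signature_value: bytes, cert_der: bytes) -> bytes:
    """RFC 3161 TimeStampReq over the signature value, plus the extension."""
    imprint = der(0x30, SHA256_ALG + der(0x04, hashlib.sha256(signature_value).digest()))
    version = der(0x02, b"\x01")
    cert_req = der(0x01, b"\xff")                       # certReq TRUE
    extensions = der(0xA0, signing_cert_ext(cert_der))  # [0] IMPLICIT Extensions
    return der(0x30, version + imprint + cert_req + extensions)

def token_binds_cert(echoed_ext: bytes, candidate_cert_der: bytes) -> bool:
    """Verifier check: the extension copied into the token must match the candidate cert."""
    return hmac.compare_digest(echoed_ext, signing_cert_ext(candidate_cert_der))

if __name__ == "__main__":
    # Constructed stand-ins, not real DER certificates or signature bytes.
    sig, cert_a, cert_b = b"constructed-signature", b"constructed-cert-A", b"constructed-cert-B"
    req = build_timestamp_req(sig, cert_a)
    print(len(req), req.hex())
    print(token_binds_cert(signing_cert_ext(cert_a), cert_a))  # True
    print(token_binds_cert(signing_cert_ext(cert_a), cert_b))  # False
```

Because the reference sits inside the TSA-signed token rather than among the signer's signed attributes, a verifier under this scheme has to validate the timestamp token before relying on the certificate binding.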