[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Extending CAdES to support usual signature upgrading to CAdES -T and further

Pavel,

 

I personally have some sympathy for your view.  I will add this issue to those for discussion at the next ETSI meeting later in June.

 

Nick

 

 

-----Original Message-----
From: Pavel V. Smirnov [mailto:spv@xxxxxxxxxxxx]
Sent: 26 May 2008 11:50
To: 'Pope, Nick'; ESI@xxxxxxxxxxxxx; ietf-smime@xxxxxxx
Subject: Extending CAdES to support usual signature upgrading to CAdES-T and further

 

Hello all and personally Nick,

 

In current CAdES wording a regular signature without at least one signed attribute (Signing certificate reference) cannot be added with timestamps and validation data to achieve CAdES-T or more advanced CAdES signature. This need arises, e.g., in a system with existing regular signatures. There is no chance to add the required attribute to the already computed signature, but there is a strong need to add CAdES properties to such signatures.

 

There is rather simple approach to achieve the same properties without including signing certificate reference as a signed attribute. Let us include this reference as an extension in the CAdES-T timestamp (signature timestamp). To get such timestamp one would need to include this extension in a timestamp request and a TSA would have to shift this extension to a timestamp token.

 

Let us define the proposed extension to a timestamp protocol and call the signature we get a valid CAdES-T signature. More advanced CAdES signature types turn out from this new CAdES-T perfectly without any modification. What do you think?

 

Pavel Smirnov

Crypto-Pro
Tel./Fax: +7 495 780-4820
WWW: http://www.CryptoPro.ru
e-mail: spv@xxxxxxxxxxxx

 

Consider the environment before printing this mail.

"Thales e-Security Limited is incorporated in England and Wales with company registration number 2518805. Its registered office is located at 2 Dashwood Lang Road, The Bourne Business Park, Addlestone, Nr. Weybridge, Surrey KT15 2NX.

The information contained in this e-mail is confidential. It may also be privileged. It is only intended for the stated addressee(s) and access to it by any other person is unauthorised. If you are not an addressee or the intended addressee, you must not disclose, copy, circulate or in any other way use or rely on the information contained in this e-mail. Such unauthorised use may be unlawful. If you have received this e-mail in error please delete it (and all copies) from your system, please also inform us immediately on +44 (0)1844 201800 or email postmaster@xxxxxxxxxxxxxxxxxxxxx Commercial matters detailed or referred to in this e-mail are subject to a written contract signed for and on behalf of Thales e-Security Limited".