draft-ietf-smime-cades-01.txt   draft-ietf-smime-cades-02.txt 
S/MIME Working Group J.Ross(Security and Standards) S/MIME Working Group J.Ross(Security and Standards)
INTERNET-DRAFT N.Pope(Security and Standards) INTERNET-DRAFT N.Pope(Thales eSecurity)
Expires September 2006 D.Pinkas(Bull) Expires November 2007 D.Pinkas(Bull SAS)
Target Category: Informational Target Category: Informational
CMS Advanced Electronic Signatures (CAdES) CMS Advanced Electronic Signatures (CAdES)
<draft-ietf-smime-cades-01.txt> <draft-ietf-smime-cades-02.txt>
Status of this Memo Status of this memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six
and may be updated, replaced, or obsoleted by other documents at any Months and may be updated, replaced, or obsoleted by other
time. It is inappropriate to use Internet-Drafts as reference documents at any time. It is inappropriate to use Internet-Drafts
material or to cite them other than as "work in progress". as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/1id-abstracts.html.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html.
This document may not be modified, and derivative works of it may Copyright Notice
not be created, except to publish it as an RFC and to translate it
into languages other than English. Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document defines the format of an electronic signature that can This document defines the format of an electronic signature that can
remain valid over long periods. This includes evidence as to its remain valid over long periods. This includes evidence as to its
validity even if the signer or verifying party later attempts to deny validity even if the signer or verifying party later attempts to deny
(i.e., repudiates the validity of the signature). The format can be (i.e., repudiates the validity of the signature).
considered as an extension to RFC 3852 [4] and RFC 2634 [5], where,
when appropriate additional signed and unsigned attributes have been The format can be considered as an extension to RFC 3852 [4] and
defined. The contents of this Informational RFC amounts to a RFC 2634 [5], where, when appropriate additional signed and
unsigned attributes have been defined.
The contents of this Informational RFC amounts to a
transposition of the ETSI TS 101 733 V.1.6.3 (CMS Advanced transposition of the ETSI TS 101 733 V.1.6.3 (CMS Advanced
Electronic Signatures - CAdES) [TS101733] and is technically Electronic Signatures - CAdES) [TS101733] and is technically
equivalent to it. equivalent to it.
Table of Contents Table of Contents
1. Introduction 6 1. Introduction 6
2. Scope 6 2. Scope 6
skipping to change at page 2, line 34 skipping to change at page 2, line 34
4.4.3 Extended electronic signature formats 22 4.4.3 Extended electronic signature formats 22
4.4.4 Archival Electronic Signature (CAdES-A) 26 4.4.4 Archival Electronic Signature (CAdES-A) 26
4.5 Arbitration 27 4.5 Arbitration 27
4.6 Validation process 28 4.6 Validation process 28
5. Electronic signature attributes 29 5. Electronic signature attributes 29
5.1 General syntax 29 5.1 General syntax 29
5.2 Data content type 29 5.2 Data content type 29
5.3 Signed-data content type 29 5.3 Signed-data content type 29
5.4 SignedData type 29 5.4 SignedData type 29
5.5 EncapsulatedContentInfo type 29 5.5 EncapsulatedContentInfo type 30
5.6 SignerInfo type 30 5.6 SignerInfo type 30
5.6.1 Message digest calculation process 31 5.6.1 Message digest calculation process 31
5.6.2 Message signature generation process 31 5.6.2 Message signature generation process 31
5.6.3 Message signature verification process 31 5.6.3 Message signature verification process 31
5.7 Basic ES mandatory present attributes 31 5.7 Basic ES mandatory present attributes 31
5.7.1 Content type 31 5.7.1 Content type 31
5.7.2 Message digest 32 5.7.2 Message digest 32
5.7.3 Signing certificate reference attribute 32 5.7.3 Signing certificate reference attribute 32
5.8 Additional mandatory attributes for Explicit Policy-based 5.8 Additional mandatory attributes for Explicit Policy-based
Electronic Signatures 34 Electronic Signatures 34
5.8.1 Signature policy identifier 34 5.8.1 Signature policy identifier 34
5.9 CMS imported optional attributes 36 5.9 CMS imported optional attributes 36
5.9.1 Signing time 36 5.9.1 Signing time 36
5.9.2 Countersignature 36 5.9.2 Countersignature 36
5.10 ESS imported optional attributes 36 5.10 ESS imported optional attributes 37
5.10.1 Content reference attribute 37 5.10.1 Content reference attribute 37
5.10.2 Content identifier attribute 37 5.10.2 Content identifier attribute 37
5.10.3 Content hints attribute 37 5.10.3 Content hints attribute 37
5.11 Additional optional attributes defined in the present document 38 5.11 Additional optional attributes defined in the present document 38
5.11.1 Commitment type indication attribute 38 5.11.1 Commitment type indication attribute 38
5.11.2 Signer location attribute 40 5.11.2 Signer location attribute 40
5.11.3 Signer attributes attribute 40 5.11.3 Signer attributes attribute 40
5.11.4 Content time-stamp 41 5.11.4 Content time-stamp 41
5.12 Support for multiple signatures 41 5.12 Support for multiple signatures 41
skipping to change at page 3, line 29 skipping to change at page 3, line 29
6.2.2 Complete Revocation References attribute definition 45 6.2.2 Complete Revocation References attribute definition 45
6.2.3 Attribute certificate references attribute definition 47 6.2.3 Attribute certificate references attribute definition 47
6.2.4 Attribute revocation references attribute definition 48 6.2.4 Attribute revocation references attribute definition 48
6.3 Extended validation data (CAdES-X) 48 6.3 Extended validation data (CAdES-X) 48
6.3.1 Time-stamped validation data (CAdES-X Type 1 or Type 2) 48 6.3.1 Time-stamped validation data (CAdES-X Type 1 or Type 2) 48
6.3.2 Long validation data (CAdES-X Long, CAdES-X Long Type 1 or 2) 48 6.3.2 Long validation data (CAdES-X Long, CAdES-X Long Type 1 or 2) 48
6.3.3 Certificate values attribute definition 49 6.3.3 Certificate values attribute definition 49
6.3.4 Revocation values attribute definition 50 6.3.4 Revocation values attribute definition 50
6.3.5 CAdES-C time-stamp attribute definition 51 6.3.5 CAdES-C time-stamp attribute definition 51
6.3.6 Time-stamped certificates and crls references attribute 6.3.6 Time-stamped certificates and crls references attribute
definition 51 definition 52
6.4 Archive validation data 52 6.4 Archive validation data 52
6.4.1 Archive time-stamp attribute definition 52 6.4.1 Archive time-stamp attribute definition 52
7. Other standard data structures 54 7. Other standard data structures 54
7.1 Public-key certificate format 54 7.1 Public-key certificate format 54
7.2 Certificate revocation list format 54 7.2 Certificate revocation list format 54
7.3 OCSP response format 54 7.3 OCSP response format 54
7.4 Time-stamp token format 54 7.4 Time-stamp token format 55
7.5 Name and attribute formats 54 7.5 Name and attribute formats 55
7.6 Attribute certificate 55 7.6 Attribute certificate 55
8. Conformance requirements 55 8. Conformance requirements 56
8.1 CAdES-Basic Electronic Signature (CAdES-BES) 56 8.1 CAdES-Basic Electronic Signature (CAdES-BES) 56
8.2 CAdES-Explicit Policy-based Electronic Signature 56 8.2 CAdES-Explicit Policy-based Electronic Signature 57
8.3 Verification using time-stamping 56 8.3 Verification using time-stamping 57
8.4 Verification using secure records 56 8.4 Verification using secure records 57
9. Security considerations 57 9. Security considerations 58
9.1 Protection of private key 57 9.1 Protection of private key 58
9.2 Choice of algorithms 57 9.2 Choice of algorithms 58
10. IANA Considerations 57 10. IANA Considerations 58
11. References 57 11. References 58
11.1 Normative references 57 11.1 Normative references 58
11.2 Informative references 58 11.2 Informative references 59
12. Authors' addresses 61 12. Authors' addresses 62
13. Acknowledgments 62 13. Acknowledgments 63
Annex A (normative): ASN.1 definitions 63 Annex A (normative): ASN.1 definitions 64
A.1 Signature format definitions using X.208 ASN.1 syntax 63 A.1 Signature format definitions using X.208 ASN.1 syntax 64
A.2 Signature format definitions using X.680 ASN.1 syntax 71 A.2 Signature format definitions using X.680 ASN.1 syntax 72
Annex B (informative): Extended forms of Electronic Signatures 79 Annex B (informative): Extended forms of Electronic Signatures 81
B.1 Extended forms of validation data 79 B.1 Extended forms of validation data 81
B.1.1 CAdES-X Long 80 B.1.1 CAdES-X Long 82
B.1.2 CAdES-X Type 1 81 B.1.2 CAdES-X Type 1 83
B.1.3 CAdES-X Type 2 82 B.1.3 CAdES-X Type 2 84
B.1.4 CAdES-X Long Type 1 and CAdES-X Long Type 2 83 B.1.4 CAdES-X Long Type 1 and CAdES-X Long Type 2 85
B.2 Timestamp extensions 85 B.2 Timestamp extensions 87
B.3 Archive validation data (CAdES-A) 86 B.3 Archive validation data (CAdES-A) 88
B.4 Example validation sequence 88 B.4 Example validation sequence 90
B.5 Additional optional features 93 B.5 Additional optional features 95
Annex C (informative):General description 94 Annex C (informative):General description 96
C.1 The signature policy 94 C.1 The signature policy 96
C.2 Signed information 95 C.2 Signed information 97
C.3 Components of an electronic signature 95 C.3 Components of an electronic signature 97
C.3.1 Reference to the signature policy 95 C.3.1 Reference to the signature policy 97
C.3.2 Commitment type indication 96 C.3.2 Commitment type indication 98
C.3.3 Certificate identifier from the signer 96 C.3.3 Certificate identifier from the signer 98
C.3.4 Role attributes 97 C.3.4 Role attributes 99
C.3.4.1 Claimed role 97 C.3.4.1 Claimed role 99
C.3.4.2 Certified role 98 C.3.4.2 Certified role 100
C.3.5 Signer location 98 C.3.5 Signer location 100
C.3.6 Signing time 98 C.3.6 Signing time 100
C.3.7 Content format 99 C.3.7 Content format 101
C.3.8 Content hints 99 C.3.8 Content hints 101
C.3.9 Content cross referencing 99 C.3.9 Content cross referencing 101
C.4 Components of validation data 99 C.4 Components of validation data 101
C.4.1 Revocation status information 99 C.4.1 Revocation status information 101
C.4.1.1 CRL information 100 C.4.1.1 CRL information 102
C.4.1.2 OCSP information 100 C.4.1.2 OCSP information 102
C.4.2 Certification path 101 C.4.2 Certification path 103
C.4.3 Time-stamping for long life of signatures 101 C.4.3 Time-stamping for long life of signatures 103
C.4.4 Time-stamping for long life of signature before CA key C.4.4 Time-stamping for long life of signature before CA key
compromises 102 compromises 104
C.4.4.1 Time-stamping the ES with complete validation data 103 C.4.4.1 Time-stamping the ES with complete validation data 105
C.4.4.2 Time-stamping certificates and revocation information C.4.4.2 Time-stamping certificates and revocation information
references 104 references 106
C.4.5 Time-stamping for archive of signature 105 C.4.5 Time-stamping for archive of signature 107
C.4.6 Reference to additional data 106 C.4.6 Reference to additional data 108
C.4.7 Time-stamping for mutual recognition 106 C.4.7 Time-stamping for mutual recognition 108
C.4.8 TSA key compromise 107 C.4.8 TSA key compromise 109
C.5 Multiple signatures 107 C.5 Multiple signatures 109
Annex D (informative):Data protocols to interoperate with TSPs 108 Annex D (informative):Data protocols to interoperate with TSPs 110
D.1 Operational protocols 108 D.1 Operational protocols 110
D.1.1 Certificate retrieval 108 D.1.1 Certificate retrieval 110
D.1.2 CRL retrieval 108 D.1.2 CRL retrieval 110
D.1.3 OnLine certificate status 108 D.1.3 OnLine certificate status 110
D.1.4 Time-stamping 108 D.1.4 Time-stamping 110
D.2 Management protocols 108 D.2 Management protocols 110
D.2.1 Request for certificate revocation 108 D.2.1 Request for certificate revocation 110
Annex E (informative): Guidance on naming 109 Annex E (informative): Guidance on naming 111
E.1 Allocation of names 109 E.1 Allocation of names 111
E.2 Providing access to registration information 109 E.2 Providing access to registration information 111
E.3 Naming schemes 110 E.3 Naming schemes 112
E.3.1 Naming schemes for individual citizens 110 E.3.1 Naming schemes for individual citizens 112
E.3.2 Naming schemes for employees of an organization 111 E.3.2 Naming schemes for employees of an organization 113
Annex F (informative): Example structured contents and MIME 112 Annex F (informative): Example structured contents and MIME 114
F.1 General description 112 F.1 General description 114
F.2 Header information 112 F.2 Header information 114
F.3 Content encoding 113 F.3 Content encoding 116
F.4 Multi-part content 113 F.4 Multi-part content 116
F.5 S/MIME 114 F.5 S/MIME 116
Annex G (informative): Relationship to the European Directive Annex G (informative): Relationship to the European Directive
And EESSI 117 And EESSI 119
G.1 Introduction 117 G.1 Introduction 119
G.2 Electronic signatures and the directive 117 G.2 Electronic signatures and the directive 119
G.3 ETSI electronic signature formats and the directive 118 G.3 ETSI electronic signature formats and the directive 120
G.4 EESSI standards and classes of electronic signature 118 G.4 EESSI standards and classes of electronic signature 120
G.4.1 Structure of EESSI standardization 118 G.4.1 Structure of EESSI standardization 120
G.4.2 Classes of electronic signatures 119 G.4.2 Classes of electronic signatures 121
G.4.3 EESSI classes and the ETSI electronic signature format 119 G.4.3 EESSI classes and the ETSI electronic signature format 121
Annex H (informative): APIs for the generation and verification Annex H (informative): APIs for the generation and verification
of electronic signatures tokens 120 of electronic signatures tokens 121
H.1 Data framing 120 H.1 Data framing 122
H.2 IDUP-GSS-APIs defined by the IETF 121 H.2 IDUP-GSS-APIs defined by the IETF 123
H.3 CORBA security interfaces defined by the OMG 122 H.3 CORBA security interfaces defined by the OMG 124
Annex I (informative):Cryptographic algorithms 124 Annex I (informative):Cryptographic algorithms 126
I.1 Digest algorithms 124 I.1 Digest algorithms 126
I.1.1 SHA-1 124 I.1.1 SHA-1 126
I.1.2 General 124 I.1.2 General 126
I.2 Digital signature algorithms 125 I.2 Digital signature algorithms 127
I.2.1 DSA 125 I.2.1 DSA 127
I.2.2 RSA 125 I.2.2 RSA 127
I.2.3 General 126 I.2.3 General 128
Annex J (informative): Changes from the previous version 120 Annex J (informative): Changes from the previous version 130
Full Copyright Statement 129 Full Copyright Statement 131
Disclaimer 129 Disclaimer 131
Intellectual Property 129 Intellectual Property 131
1. Introduction 1. Introduction
This document is intended to cover electronic signatures for various This document is intended to cover electronic signatures for various
types of transactions, including business transactions (e.g. purchase types of transactions, including business transactions (e.g. purchase
requisition, contract, and invoice applications) where long term requisition, contract, and invoice applications) where long term
validity of such signatures is important. This includes evidence as validity of such signatures is important. This includes evidence as
to its validity even if the signer or verifying party later attempts to its validity even if the signer or verifying party later attempts
to deny (i.e., repudiates, see ISO/IEC 10181-5 [ISO10181-5]) the to deny (i.e., repudiates, see ISO/IEC 10181-5 [ISO10181-5]) the
validity of the signature). validity of the signature).
skipping to change at page 9, line 48 skipping to change at page 9, line 48
Enhanced electronic signatures: electronic signatures enhanced by Enhanced electronic signatures: electronic signatures enhanced by
complementing the baseline requirements with additional data, such as complementing the baseline requirements with additional data, such as
time tamp tokens and certificate revocation data, to address commonly time tamp tokens and certificate revocation data, to address commonly
recognized threats. recognized threats.
Explicit Policy-based Electronic Signature (EPES): an electronic Explicit Policy-based Electronic Signature (EPES): an electronic
signature where the signature policy is explicitly specified that shall signature where the signature policy is explicitly specified that shall
be used to validate it. be used to validate it.
grace period: time period which permits the certificate revocation Grace period: time period which permits the certificate revocation
information to propagate through the revocation process to relying information to propagate through the revocation process to relying
parties. parties.
Initial verification: a process performed by a verifier done after an Initial verification: a process performed by a verifier done after an
electronic signature is generated in order to capture additional electronic signature is generated in order to capture additional
information that could make it valid for long term verification. information that could make it valid for long term verification.
Public Key Certificate (PKC): public keys of a user, together with some Public Key Certificate (PKC): public keys of a user, together with some
other information, rendered unforgeable by encipherment with the other information, rendered unforgeable by encipherment with the
private key of the certification authority which issued it. private key of the certification authority which issued it.
skipping to change at page 15, line 30 skipping to change at page 15, line 30
- Message-digest. It is defined in RFC 3852 [4] and specifies the - Message-digest. It is defined in RFC 3852 [4] and specifies the
message digest of the eContent OCTET STRING within message digest of the eContent OCTET STRING within
encapContentInfo being signed. Details are provided in section encapContentInfo being signed. Details are provided in section
5.7.2; 5.7.2;
- ESS signing-certificate OR ESS signing-certificate v2. The ESS - ESS signing-certificate OR ESS signing-certificate v2. The ESS
signing-certificate attribute is defined in Enhanced Security signing-certificate attribute is defined in Enhanced Security
Services (ESS), RFC 2634 [5] and only allows for the use of SHA-1 Services (ESS), RFC 2634 [5] and only allows for the use of SHA-1
as digest algorithm. The ESS signing-certificate attribute V2 as digest algorithm. The ESS signing-certificate attribute V2
is defined in "ESS Update: Adding CertID Algorithm Agility", is defined in “ESS Update: Adding CertID Algorithm Agility” [15],
RFC XXXX [15] and allows for the use of any digest algorithm. and allows for the use of any digest algorithm. A CAdES-BES
A CAdES-BES claiming compliance with the present document must claiming compliance with the present document must include one of
include one of them. Section 5.7.3 provides the details of these them. Section 5.7.3 provides the details of these attributes.
attributes. Rationale for its inclusion is provided in section Rationale for its inclusion is provided in section C.3.3.
C.3.3.
Optional signed attributes may be added to the CAdES-BES, including Optional signed attributes may be added to the CAdES-BES, including
optional signed attributes defined in CMS (RFC 3852 [4]), ESS (RFC 2634 optional signed attributes defined in CMS (RFC 3852 [4]), ESS (RFC 2634
[5]) and the present document. Listed below are optional attributes [5]) and the present document. Listed below are optional attributes
that are defined in section 5 and have a rational provided in annex C: that are defined in section 5 and have a rational provided in annex C:
- Signing-time: as defined in CMS (RFC 3852 [4]) indicates the time - Signing-time: as defined in CMS (RFC 3852 [4]) indicates the time
of the signature as claimed by the signer. Details and short of the signature as claimed by the signer. Details and short
rationale are provided in section 5.9.1. Section C.3.6 provides rationale are provided in section 5.9.1. Section C.3.6 provides
the rationale. the rationale.
skipping to change at page 29, line 53 skipping to change at page 29, line 53
The signed-data content type of the ES is as defined in CMS (RFC 3852 The signed-data content type of the ES is as defined in CMS (RFC 3852
[4]). [4]).
5.4 SignedData type 5.4 SignedData type
The syntax of the SignedData of the ES is as defined in CMS (RFC 3852 The syntax of the SignedData of the ES is as defined in CMS (RFC 3852
[4]). [4]).
The fields of type SignedData have the meanings as defined in CMS (RFC The fields of type SignedData have the meanings as defined in CMS (RFC
3852 [4]) but : 3852 [4]).
- the syntax version number value shall be 3.
The identification of signer's certificate used to create the signature The identification of signer's certificate used to create the signature
is always signed (see section 5.7.3). The validation policy may specify is always signed (see section 5.7.3). The validation policy may specify
requirements for the presence of certain certificates. requirements for the presence of certain certificates. The degenerate case
The degenerate case where there are no signers is not valid in the where there are no signers is not valid in the present document.
present document.
5.5 EncapsulatedContentInfo type 5.5 EncapsulatedContentInfo type
The syntax of the EncapsulatedContentInfo type ES is as defined in CMS The syntax of the EncapsulatedContentInfo type ES is as defined in CMS
(RFC 3852 [4]). (RFC 3852 [4]).
For the purpose of long term validation as defined by the present For the purpose of long term validation as defined by the present
document, it is advisable that either the eContent is present, or the document, it is advisable that either the eContent is present, or the
data which is signed is archived in such as way as to preserve any data data which is signed is archived in such as way as to preserve any data
encoding. It is important that the OCTET STRING used to generate the encoding. It is important that the OCTET STRING used to generate the
skipping to change at page 30, line 33 skipping to change at page 30, line 32
NOTE: The eContent is optional in CMS : NOTE: The eContent is optional in CMS :
- When it is present, this allows the signed data to be - When it is present, this allows the signed data to be
encapsulated in the SignedData structure, which then encapsulated in the SignedData structure, which then
contains both the signed data and the signature. However, contains both the signed data and the signature. However,
the signed data may only be accessed by a verifier able to the signed data may only be accessed by a verifier able to
decode the ASN.1 encoded SignedData structure. decode the ASN.1 encoded SignedData structure.
- When it is missing, this allows the signed data to be sent - When it is missing, this allows the signed data to be sent
or stored separately from the signature and the SignedData or stored separately from the signature and the SignedData
structure only contains the signature. In this case the structure only contains the signature. It is in the case
data which is signed needs to be stored and distributed in of signature only that the data which is signed needs to be
such as way as to preserve any data encoding. stored and distributed in such as way as to preserve any
data encoding.
The degenerate case where there are no signers is not valid in the The degenerate case where there are no signers is not valid in the
present document. present document.
5.6 SignerInfo type 5.6 SignerInfo type
The syntax of the SignerInfo type ES is as defined in CMS (RFC 3852 The syntax of the SignerInfo type ES is as defined in CMS (RFC 3852
[4]). [4]).
Per-signer information is represented in the type SignerInfo. In the Per-signer information is represented in the type SignerInfo. In the
skipping to change at page 31, line 35 skipping to change at page 31, line 35
5.7 Basic ES mandatory present attributes 5.7 Basic ES mandatory present attributes
The following attributes shall be present with the signed-data defined The following attributes shall be present with the signed-data defined
by the present document. The attributes are defined in CMS (RFC 3852 by the present document. The attributes are defined in CMS (RFC 3852
[4]). [4]).
5.7.1 Content type 5.7.1 Content type
The content-type attribute indicates the type of the signed content. The content-type attribute indicates the type of the signed content.
The syntax of the content-type attribute is as defined in CMS The syntax of the content-type attribute type is as defined in CMS
(RFC 3852 [4]) section 11.1. (RFC 3852 [4]) section 11.1.
Note 1 : As stated in RFC 3852 [4] , the content-type attribute Note 1 : As stated in RFC 3852 [4] , the content-type attribute
must have its value (i.e. ContentType) equal to the must have its value (i.e. ContentType) equal to the
eContentType of the EncapsulatedContentInfo value being eContentType of the EncapsulatedContentInfo value being
signed. signed.
Note 2 : For implementations supporting signature generation, if Note 2 : For implementations supporting signature generation, if
the content-type attribute is id-data, then it is the content-type attribute is id-data, then it is
recommended that the eContent be encoded using MIME. recommended that the eContent be encoded using MIME.
skipping to change at page 32, line 13 skipping to change at page 32, line 13
for further details about the use of MIME. for further details about the use of MIME.
5.7.2 Message digest 5.7.2 Message digest
The syntax of the message-digest attribute type of the ES is as defined The syntax of the message-digest attribute type of the ES is as defined
in CMS (RFC 3852 [4]). in CMS (RFC 3852 [4]).
5.7.3 Signing certificate reference attributes 5.7.3 Signing certificate reference attributes
The Signing certificate reference attributes are supported by using The Signing certificate reference attributes are supported by using
either the ESS signing-certificate attribute or the ESS signing- either the ESS signing-certificate attribute or the ESS-signing-
certificate v2 attribute. certificate-v2 attribute.
These attributes shall contain a reference to the signer's certificate, These attributes shall contain a reference to the signer's certificate,
they are designed to prevent the simple substitution and re-issue they are designed to prevent the simple substitution and re-issue
attacks and to allow for a restricted set of certificates to be used in attacks and to allow for a restricted set of certificates to be used in
verifying a signature. They have a compact form (much shorter than the verifying a signature. They have a compact form (much shorter than the
full certificate) that allows to a certificate to be unambiguously full certificate) that allows to a certificate to be unambiguously
identified. identified.
One, and only one, of the following alternative attributes shall be One, and only one, of the following alternative attributes shall be
present with the signedData defined by the present document. present with the signedData defined by the present document.
- The ESS signing-certificate attribute, defined in ESS [RFC 2634], - The ESS signing-certificate attribute, defined in ESS [RFC 2634],
MUST be used when the SHA-1 hashing algorithm is used. MUST be used if the SHA-1 hashing algorithm is used.
- The ESS signing-certificate attribute v2, defined in "ESS Update: - The ESS signing-certificate attribute v2, defined in “ESS Update:
Adding CertID Algorithm Agility", RFC XXXX [15] shall be used Adding CertID Algorithm Agility”, shortly to be published as an
when other hashing algorithms are to be used. RFC [15] SHALL be used when other hashing algorithms are to be used.
The certificate to be used to verify the signature shall be identified The certificate to be used to verify the signature shall be identified
in the sequence (i.e. the certificate from the signer) and the sequence in the sequence (i.e. the certificate from the signer) and the sequence
shall not be empty. The signature validation policy may mandate other shall not be empty. The signature validation policy may mandate other
certificates be present that may include all the certificates up to the certificates be present that may include all the certificates up to the
trust anchor. trust anchor.
5.7.3.1 ESS signing certificate attribute definition 5.7.3.1 ESS signing certificate attribute definition
The syntax of the signing-certificate attribute type of the ES is as The syntax of the signing-certificate attribute type of the ES is as
skipping to change at page 33, line 17 skipping to change at page 33, line 17
electronic signature, this is placed in the signer-attributes electronic signature, this is placed in the signer-attributes
attribute as defined in section 5.8.3. attribute as defined in section 5.8.3.
5.7.3.2 ESS signing certificate v2 attribute definition 5.7.3.2 ESS signing certificate v2 attribute definition
The ESS signing-certificate v2 attribute is similar to the ESS The ESS signing-certificate v2 attribute is similar to the ESS
signing-certificate defined above, except that this attribute can be signing-certificate defined above, except that this attribute can be
used with hashing algorithms other than SHA-1. used with hashing algorithms other than SHA-1.
The syntax of the signing-certificate v2 attribute type of the ES is as The syntax of the signing-certificate v2 attribute type of the ES is as
defined in "ESS Update: Adding CertID Algorithm Agility", RFC XXXX [15] defined in “ESS Update: Adding CertID Algorithm Agility”, shortly to be published as an RFC [15], and further qualified in the present document.
and further qualified in the present document.
The sequence of policy information field is not used in the present The sequence of policy information field is not used in the present
document. document.
This attribute shall be used in the same manner as defined above for This attribute shall be used in the same manner as defined above for
the ESS signing-certificate attribute. the ESS signing-certificate attribute.
The object identifier for this attribute is:
id-aa-signingCertificateV2 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 47 }
If present, the issuerAndSerialNumber in SignerIdentifier field of the If present, the issuerAndSerialNumber in SignerIdentifier field of the
SignerInfo shall match the issuerSerial field present in ESSCertID. SignerInfo shall match the issuerSerial field present in ESSCertID.
In addition the certHash from ESSCertID shall match the SHA-1 hash of In addition the certHash from ESSCertID shall match the SHA-1 hash of
the certificate. The certificate identified shall be used during the the certificate. The certificate identified shall be used during the
signature verification process. If the hash of the certificate does signature verification process. If the hash of the certificate does
not match the certificate used to verify the signature, the signature not match the certificate used to verify the signature, the signature
shall be considered invalid. shall be considered invalid.
Note 1 : Where an attribute certificate is used by the signer to Note 1 : Where an attribute certificate is used by the signer to
associate a role, or other attributes of the signer, with the associate a role, or other attributes of the signer, with the
skipping to change at page 33, line 48 skipping to change at page 33, line 52
Note 2 : RFC 3126 was using the other signing certificate attribute Note 2 : RFC 3126 was using the other signing certificate attribute
(see section 5.7.3.3) for the same purpose. Its use is now (see section 5.7.3.3) for the same purpose. Its use is now
deprecated, since this structure is simpler. deprecated, since this structure is simpler.
5.7.3.3 Other signing certificate attribute definition 5.7.3.3 Other signing certificate attribute definition
RFC 3126 was using the other signing certificate attribute as RFC 3126 was using the other signing certificate attribute as
an alternative to the ESS signing-certificate when hashing algorithms an alternative to the ESS signing-certificate when hashing algorithms
other than SHA-1 were being used. Its use is now deprecated, since other than SHA-1 were being used. Its use is now deprecated, since
the structure of the general-signing-certificate attribute is simpler. the structure of the general-signing-certificate-v2 attribute is
Its description is however still present in this version for backwards compatibility. simpler. Its description is however still present in this version for
backwards compatibility.
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 } smime(16) id-aa(2) 19 }
The other-signing-certificate attribute value has the ASN.1 syntax The other-signing-certificate attribute value has the ASN.1 syntax
OtherSigningCertificate: OtherSigningCertificate:
OtherSigningCertificate ::= SEQUENCE { OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID, certs SEQUENCE OF OtherCertID,
skipping to change at page 35, line 30 skipping to change at page 35, line 23
identifies a specific version of the signature policy. The syntax of identifies a specific version of the signature policy. The syntax of
this field is as follows: this field is as follows:
SigPolicyId ::= OBJECT IDENTIFIER SigPolicyId ::= OBJECT IDENTIFIER
The sigPolicyHash field optionally contains the identifier of the hash The sigPolicyHash field optionally contains the identifier of the hash
algorithm and the hash of the value of the signature policy. The algorithm and the hash of the value of the signature policy. The
hashValue within the sigPolicyHash max be set to zero to indicate hashValue within the sigPolicyHash max be set to zero to indicate
that the policy hash value is not known. that the policy hash value is not known.
NOTE: The use of zero policy hash value is to ensure backward
compatibility with earlier versions of the current document.
If the signature policy is defined using ASN.1, then the hash is If the signature policy is defined using ASN.1, then the hash is
calculated on the value without the outer type and length fields and calculated on the value without the outer type and length fields and
the hashing algorithm shall be as specified in the field sigPolicyHash. the hashing algorithm shall be as specified in the field sigPolicyHash.
If the signature policy is defined using another structure, the type of If the signature policy is defined using another structure, the type of
structure and the hashing algorithm shall be either specified as part structure and the hashing algorithm shall be either specified as part
of the signature policy, or indicated using a signature policy of the signature policy, or indicated using a signature policy qualifier.
qualifier.
SigPolicyHash ::= OtherHashAlgAndValue SigPolicyHash ::= OtherHashAlgAndValue
OtherHashAlgAndValue ::= SEQUENCE { OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier, hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue } hashValue OtherHashValue }
OtherHashValue ::= OCTET STRING OtherHashValue ::= OCTET STRING
A signature policy identifier may be qualified with other information A signature policy identifier may be qualified with other information
skipping to change at page 36, line 52 skipping to change at page 36, line 46
profiled by the present document. profiled by the present document.
5.9.1 Signing time 5.9.1 Signing time
The signing-time attribute specifies the time at which the signer The signing-time attribute specifies the time at which the signer
claims to have performed the signing process. claims to have performed the signing process.
Signing-time attribute values for ES have the ASN.1 type SigningTime as Signing-time attribute values for ES have the ASN.1 type SigningTime as
defined in CMS (RFC 3852 [4]). defined in CMS (RFC 3852 [4]).
NOTE: RFC 3852 [4] states that dates between 1 January 1950 and 31
December 2049 (inclusive) MUST be encoded as UTCTime. Any dates
with year values before 1950 or after 2049 MUST be encoded as
GeneralizedTime.
5.9.2 Countersignature 5.9.2 Countersignature
The counterSignature attribute values for ES have ASN.1 type The counterSignature attribute values for ES have ASN.1 type
CounterSignature as defined in CMS (RFC 3852 [4]). CounterSignature as defined in CMS (RFC 3852 [4]).
A counterSignature attribute shall be an unsigned attribute. A counterSignature attribute shall be an unsigned attribute.
5.10 ESS imported optional attributes 5.10 ESS imported optional attributes
The following attributes may be present with the signed-data defined by The following attributes may be present with the signed-data defined by
skipping to change at page 41, line 32 skipping to change at page 41, line 32
5.11.4 Content time-stamp 5.11.4 Content time-stamp
The content-time-stamp attribute is an attribute which is the time- The content-time-stamp attribute is an attribute which is the time-
stamp token of the signed data content before it is signed. stamp token of the signed data content before it is signed.
The content-time-stamp attribute shall be a signed attribute. The content-time-stamp attribute shall be a signed attribute.
The following object identifier identifies the content-time-stamp The following object identifier identifies the content-time-stamp
attribute: attribute:
id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::=
member- body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) { iso(1) member- body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
id-aa(2) 20} smime(16) id-aa(2) 20}
Content-time-stamp attribute values have ASN.1 type ContentTimestamp: Content-time-stamp attribute values have ASN.1 type ContentTimestamp:
ContentTimestamp::= TimeStampToken ContentTimestamp::= TimeStampToken
The value of messageImprint of TimeStampToken (as described in RFC 3161 The value of messageImprint of TimeStampToken (as described in RFC 3161
[7]) shall be a hash of the value of eContent field within [7]) shall be a hash of the value of eContent field within
encapContentInfo in the signedData. encapContentInfo in the signedData.
For further information and definition of TimeStampToken see For further information and definition of TimeStampToken see
section 7.4. section 7.4.
skipping to change at page 44, line 20 skipping to change at page 44, line 20
6.1.1 Signature time- stamp attribute definition 6.1.1 Signature time- stamp attribute definition
The signature-time-stamp attribute is a TimeStampToken computed on the The signature-time-stamp attribute is a TimeStampToken computed on the
signature value for a specific signer. It is an unsigned attribute. signature value for a specific signer. It is an unsigned attribute.
Several instances of this attribute may occur with an electronic Several instances of this attribute may occur with an electronic
signature, from different TSAs. signature, from different TSAs.
The following object identifier identifies the signature-time-stamp The following object identifier identifies the signature-time-stamp
attribute: attribute:
id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::= { iso(1) member- id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 14} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 14}
The signature-time-stamp attribute value has ASN.1 type The signature-time-stamp attribute value has ASN.1 type
SignatureTimeStampToken: SignatureTimeStampToken:
SignatureTimeStampToken ::= TimeStampToken SignatureTimeStampToken ::= TimeStampToken
The value of messageImprint field within TimeStampToken shall be a hash The value of messageImprint field within TimeStampToken shall be a hash
of the value of the signature field within SignerInfo for the of the value of the signature field within SignerInfo for the
signedData being time-stamped. signedData being time-stamped.
skipping to change at page 46, line 34 skipping to change at page 46, line 34
CRLListID ::= SEQUENCE { CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID} crls SEQUENCE OF CrlValidatedID}
CrlValidatedID ::= SEQUENCE { CrlValidatedID ::= SEQUENCE {
crlHash OtherHash, crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL} crlIdentifier CrlIdentifier OPTIONAL}
CrlIdentifier ::= SEQUENCE { CrlIdentifier ::= SEQUENCE {
crlissuer Name, crlissuer Name,
crlIssuedTime UTCTime, crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL crlNumber INTEGER OPTIONAL }
}
OcspListID ::= SEQUENCE { OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID ocspResponses SEQUENCE OF OcspResponsesID }
}
OcspResponsesID ::= SEQUENCE { OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier, ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL ocspRepHash OtherHash OPTIONAL
} }
OcspIdentifier ::= SEQUENCE { OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data ocspResponderID ResponderID,
producedAt GeneralizedTime -- As in OCSP response data -- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
} }
When creating a crlValidatedID, the crlHash is computed over the entire When creating a crlValidatedID, the crlHash is computed over the entire
DER encoded CRL including the signature. The crlIdentifier would DER encoded CRL including the signature. The crlIdentifier would
normally be present unless the CRL can be inferred from other normally be present unless the CRL can be inferred from other
information. information.
The crlIdentifier is to identify the CRL using the issuer name and the The crlIdentifier is to identify the CRL using the issuer name and the
CRL issued time, which shall correspond to the time thisUpdate CRL issued time, which shall correspond to the time thisUpdate
contained in the issued CRL, and if present, the crlNumber. The contained in the issued CRL, and if present, the crlNumber. The
skipping to change at page 47, line 32 skipping to change at page 47, line 32
specification. specification.
The syntax and semantics of other revocation references is outside the The syntax and semantics of other revocation references is outside the
scope of the present document. The definition of the syntax of the scope of the present document. The definition of the syntax of the
other form of revocation information is as identified by other form of revocation information is as identified by
OtherRevRefType. OtherRevRefType.
This attribute may include the references to the full set of the CRL, This attribute may include the references to the full set of the CRL,
ACRL or OCSP responses that have been used to verify the certification ACRL or OCSP responses that have been used to verify the certification
chain for any TSUs that provides time-stamp tokens. In this case the chain for any TSUs that provides time-stamp tokens. In this case the
unsigned attribute shall be added to the SignedData of the relevant unsigned attribute shall be added to the signedData of the relevant
timestamp token as an unsignedAttrs in the signerInfos field. timestamp token as an unsignedAttrs in the signerInfos field.
6.2.3 Attribute certificate references attribute definition 6.2.3 Attribute certificate references attribute definition
This attribute is only used when an user attribute certificate is This attribute is only used when a user attribute certificate is
present in the electronic signature. present in the electronic signature.
The attribute-certificate-references attribute is an unsigned The attribute-certificate-references attribute is an unsigned
attribute. It references the full set of AA certificates that have attribute. It references the full set of AA certificates that have
been used to validate the attribute certificate. Only a single been used to validate the attribute certificate. Only a single
instance of this attribute shall occur with an electronic signature. instance of this attribute shall occur with an electronic signature.
id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 44} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 44}
The attribute-certificate-references attribute value has the ASN.1 The attribute-certificate-references attribute value has the ASN.1
syntax AttributeCertificateRefs: syntax AttributeCertificateRefs:
AttributeCertificateRefs ::= SEQUENCE OF OtherCertID AttributeCertificateRefs ::= SEQUENCE OF OtherCertID
OtherCertID is defined in section 5.8.2. OtherCertID is defined in section 5.8.2.
NOTE: Copies of the certificate values may be held using the NOTE: Copies of the certificate values may be held using the
certificate-values attribute defined in section 6.3.3. certificate-values attribute defined in section 6.3.3.
skipping to change at page 50, line 10 skipping to change at page 50, line 10
attribute: attribute:
id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
The certificate-values attribute value has the ASN.1 syntax The certificate-values attribute value has the ASN.1 syntax
CertificateValues CertificateValues
CertificateValues ::= SEQUENCE OF Certificate CertificateValues ::= SEQUENCE OF Certificate
Certificate is defined in section 7.1. Certificate is defined in section 7.1. (which is as defined in ITU-T Recommendation X.509 [1].
This attribute may include the certification information for any TSUs This attribute may include the certification information for any TSUs
that have provided the time-stamp tokens if these certificates are not that have provided the time-stamp tokens if these certificates are not
already included in the TSTs as part of the TSUs signatures. In this already included in the TSTs as part of the TSUs signatures. In this
case the unsigned attribute shall be added to the SignedData of the case the unsigned attribute shall be added to the signedData of the
relevant timestamp token. relevant timestamp token.
6.3.4 Revocation values attribute definition 6.3.4 Revocation values attribute definition
This attribute is used to contain the revocation information required This attribute is used to contain the revocation information required
for the following forms of eXtended Electronic Signature: CAdES-X Long, for the following forms of eXtended Electronic Signature: CAdES-X Long,
ES X-Long Type 1 and CAdES-X Long Type 2, see section B.1.1 for an ES X-Long Type 1 and CAdES-X Long Type 2, see section B.1.1 for an
illustration of this form of electronic signature. illustration of this form of electronic signature.
The revocation-values attribute is an unsigned attribute. Only a The revocation-values attribute is an unsigned attribute. Only a
skipping to change at page 50, line 52 skipping to change at page 50, line 52
The revocation-values attribute value has the ASN.1 syntax The revocation-values attribute value has the ASN.1 syntax
RevocationValues RevocationValues
RevocationValues ::= SEQUENCE { RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL, crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL} otherRevVals [2] OtherRevVals OPTIONAL}
OtherRevVals ::= SEQUENCE { OtherRevVals ::= SEQUENCE {
OtherRevValType OtherRevValType, OtherRevValType OtherRevValType,
OtherRevVals ANY DEFINED BY OtherRevValType OtherRevVals ANY DEFINED BY OtherRevValType }
}
OtherRevValType ::= OBJECT IDENTIFIER OtherRevValType ::= OBJECT IDENTIFIER
The syntax and semantics of the other revocation values (OtherRevVals) The syntax and semantics of the other revocation values (OtherRevVals)
is outside the scope of the present document. is outside the scope of the present document.
The definition of the syntax of the other form of revocation The definition of the syntax of the other form of revocation
information is as identified by OtherRevRefType. information is as identified by OtherRevRefType.
CertificateList is defined in section 7.2. CertificateList is defined in section 7.2. (which as defined in ITU-T
Recommendation X.509 [1]).
BasicOCSPResponse is defined in section 7.3. BasicOCSPResponse is defined in section 7.3. (which as defined in
RFC 2560 [3]).
This attribute may include the values of revocation data including CRLs This attribute may include the values of revocation data including CRLs
and OCSP for any TSUs that have provided the time-stamp tokens if these and OCSP for any TSUs that have provided the time-stamp tokens if these
certificates are not already included in the TSTs as part of the TSUs certificates are not already included in the TSTs as part of the TSUs
signatures. In this case the unsigned attribute shall be added to the signatures. In this case the unsigned attribute shall be added to the
SignedData of the relevant timestamp token. signedData of the relevant timestamp token.
6.3.5 CAdES-C time-stamp attribute definition 6.3.5 CAdES-C time-stamp attribute definition
This attribute is used to protect against CA key compromise. This attribute is used to protect against CA key compromise.
This attribute is used for the time stamping the complete electronic This attribute is used for the time stamping the complete electronic
signature (CAdES-C). It is used in the following forms of eXtended signature (CAdES-C). It is used in the following forms of eXtended
Electronic Signature; CAdES-X Type 1 and CAdES-X Long Type 1, see Electronic Signature; CAdES-X Type 1 and CAdES-X Long Type 1, see
section B.1.2 for an illustration of this form of electronic signature. section B.1.2 for an illustration of this form of electronic signature.
skipping to change at page 51, line 49 skipping to change at page 51, line 51
The CAdES-C-timestamp attribute value has the ASN.1 syntax The CAdES-C-timestamp attribute value has the ASN.1 syntax
ESCTimeStampToken : ESCTimeStampToken :
ESCTimeStampToken ::= TimeStampToken ESCTimeStampToken ::= TimeStampToken
The value of messageImprint field within TimeStampToken shall be a hash The value of messageImprint field within TimeStampToken shall be a hash
of the concatenated values (without the type or length encoding for of the concatenated values (without the type or length encoding for
that value) of the following data objects: that value) of the following data objects:
- OCTET TRING of the SignatureValue field within SignerInfo; - OCTETSTRING of the SignatureValue field within SignerInfo;
- signature-time-stamp, or a time mark operated by a Time-Marking - signature-time-stamp, or a time mark operated by a Time-Marking
Authority; Authority;
- complete-certificate-references s attribute; and - complete-certificate-references s attribute; and
- complete-revocation-references attribute. - complete-revocation-references attribute.
For further information and definition of the TimeStampToken, see
clause 7.4.
6.3.6 Time-stamped certificates and crls references attribute 6.3.6 Time-stamped certificates and crls references attribute
definition definition
This attribute is used to protect against CA key compromise. This This attribute is used to protect against CA key compromise. This
attribute is used for the time stamping certificate and revocation attribute is used for the time stamping certificate and revocation
references. It is used in the following forms of eXtended Electronic references. It is used in the following forms of eXtended Electronic
Signature; CAdES-X Type 2 and CAdES-X Long Type 2, see section B.1.3 Signature; CAdES-X Type 2 and CAdES-X Long Type 2, see section B.1.3
for an illustration of this form of electronic signature. for an illustration of this form of electronic signature.
A time-stamped-certs-crls-references attribute is an unsigned A time-stamped-certs-crls-references attribute is an unsigned
skipping to change at page 52, line 55 skipping to change at page 52, line 58
archive time-stamp attribute may be required for the archive form of archive time-stamp attribute may be required for the archive form of
electronic signature (CAdES-A). This archive time-stamp attribute may electronic signature (CAdES-A). This archive time-stamp attribute may
be repeatedly applied over a period of time. be repeatedly applied over a period of time.
6.4.1 Archive time-stamp attribute definition 6.4.1 Archive time-stamp attribute definition
The archive-time-stamp attribute is a time-stamp token of many of the The archive-time-stamp attribute is a time-stamp token of many of the
elements of the signedData in the electronic signature. If the elements of the signedData in the electronic signature. If the
certificate-values and revocation-values attributes are not present in certificate-values and revocation-values attributes are not present in
the CAdES-BES or CAdES-EPES, then they shall be added to the electronic the CAdES-BES or CAdES-EPES, then they shall be added to the electronic
signature prior to computing the archive time-stamp token. The signature prior to computing the archive time-stamp token.
archive-time-stamp attribute is an unsigned attribute. Several
The archive-time-stamp attribute is an unsigned attribute. Several
instances of this attribute may occur with an electronic signature instances of this attribute may occur with an electronic signature
both over time and from different TSUs. both over time and from different TSUs.
The following object identifier identifies the nested The following object identifier identifies the nested
archive-time-stamp attribute: archive-time-stamp attribute:
id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 27} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 48}
Archive-time-stamp attribute values have the ASN.1 syntax Archive-time-stamp attribute values have the ASN.1 syntax
ArchiveTimeStampToken ArchiveTimeStampToken
ArchiveTimeStampToken ::= TimeStampToken ArchiveTimeStampToken ::= TimeStampToken
The value of messageImprint field within TimeStampToken shall be a hash The value of messageImprint field within TimeStampToken shall be a hash
of the concatenation of: of the concatenation of:
- The encapContentInfo element of the SignedData sequence; - The encapContentInfo element of the SignedData sequence;
- If the eContent element of the encapContentInfo is omitted,
any external content being protected by the signature;
- When present, the Certificates and crls elements of the - When present, the Certificates and crls elements of the
SignedData sequence; and SignedData sequence; and
- Together with all data elements in the SignerInfo sequence - Together with all data elements in the SignerInfo sequence
including all signed and unsigned attributes. including all signed and unsigned attributes.
Notes: NOTE 1: An alternative archiveTimestamp attribute, identified by
object identifier { iso(1) member-body(2) us(840)
1) Systems supporting archive time-stamp as defined in RFC 3126 will rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 27, is
need to upgrade to be compatible with this definition of the defined in prior versions of TS 101 733. The archiveTimestamp
Attribute time-stamp. attribute defined in versions of TS 101 733 prior to 1.5.1 is
not compatible with the attribute defined in the current
document. The archiveTimestamp attribute defined in versions
1.5.1 to 1.6.3 of TS 101 733 is compatible with current
document if the content is internal to encapContentInfo.
Unless the version of TS 101 733 employed by the signing party
is known by all recipients, use of the archiveTimestamp
attribute defined in prior versions of TS 101 733 is
deprecated.
2) Counter signatures held as countersignature attributes do not NOTE 2: Counter signatures held as countersignature attributes do not
require independent archive time-stamps as they are protected by require independent archive time-stamps as they are protected
the archive time-stamp against the containing SignedData by the archive time-stamp against the containing signedData
structure. structure.
3) Unless DER is used throughout, it is recommended that the binary NOTE 3: Unless DER is used throughout, it is recommended that the
encoding of the ASN.1 structures being time-stamped are binary encoding of the ASN.1 structures being time-stamped are
preserved when being archived to ensure that the recalculation preserved when being archived to ensure that the recalculation
of the data hash is consistent. of the data hash is consistent.
Further information and definition of TimeStampToken see section 7.4. NOTE 4: The hash is calculated over the concatenated data elements as
The timestamp should be created using stronger algorithms (or longer received / stored including the Type and Length encoding.
key lengths) than in the original electronic signatures and weak
algorithm (key length) timestamps.
NOTE 3: This form of ES also provides protection against a TSP key NOTE 5: Whilst it is recommended that unsigned attributes are DER
Compromise. encoded it cannot generally be so guaranteed except by prior
arrangement. Further information and definition of
TimeStampToken see section 7.4. The timestamp should be
created using stronger algorithms (or longer key lengths) than
in the original electronic signatures and weak algorithm (key
length) timestamps.
NOTE 6: This form of ES also provides protection against a TSP key
compromise.
The ArchiveTimeStamp will be added as an unsigned attribute in the The ArchiveTimeStamp will be added as an unsigned attribute in the
SignerInfo sequence. For the validation of one ArchiveTimeStamp the SignerInfo sequence. For the validation of one ArchiveTimeStamp the
data elements of the SignerInfo must be concatenated excluding all data elements of the SignerInfo must be concatenated excluding all
later ArchivTimeStampToken attributes. later ArchivTimeStampToken attributes.
Certificates and revocation information required to validate the Certificates and revocation information required to validate the
ArchiveTimeStamp shall be provided by one of the following methods: ArchiveTimeStamp shall be provided by one of the following methods:
- The TSU provides the information in the SignedData of the - The TSU provides the information in the SignedData of the
skipping to change at page 60, line 16 skipping to change at page 60, line 43
Infrastructure Certificate Management Protocols". Infrastructure Certificate Management Protocols".
[RFC2559] IETF RFC 2559 (2003): "Internet X.509 Public Key [RFC2559] IETF RFC 2559 (2003): "Internet X.509 Public Key
Infrastructure Operational Protocols - LDAPv2". Infrastructure Operational Protocols - LDAPv2".
[RFC2587] IETF RFC 2587 (1999): "Internet X.509 Public Key [RFC2587] IETF RFC 2587 (1999): "Internet X.509 Public Key
Infrastructure LDAPv2 Schema". Infrastructure LDAPv2 Schema".
[RFC3125] IETF RFC 3125 (2000): "Electronic Signature Policies". [RFC3125] IETF RFC 3125 (2000): "Electronic Signature Policies".
[RFC3851] IETF RFC 3851 (2004): "SMIME Version 3.1 Message [RFC3851] IETF RFC 3851 (2004): “SMIME Version 3.1 Message
Specification". Specification”.
[ISO7498-2] ISO 7498-2 (1989): "Information processing systems - [ISO7498-2] ISO 7498-2 (1989): "Information processing systems
Open Systems Interconnection - Basic Reference Model - Part 2: Open Systems Interconnection - Basic Reference Model - Part 2:
Security Architecture". Security Architecture".
[ISO9796-2] ISO/IEC 9796-2 (2002): "Information technology - [ISO9796-2] ISO/IEC 9796-2 (2002): "Information technology
Security techniques - Digital signature schemes giving message Security techniques - Digital signature schemes giving message
recovery - Part 2: Integer factorization based mechanisms". recovery - Part 2: Integer factorization based mechanisms".
[ISO9796-4] ISO/IEC 9796-4 (1998): "Digital signature schemes [ISO9796-4] ISO/IEC 9796-4 (1998): "Digital signature schemes
giving message recovery - Part 4: Discrete logarithm based giving message recovery - Part 4: Discrete logarithm based
mechanisms". mechanisms".
[ISO10118-1] ISO/IEC 10118-1 (2000): "Information technology - [ISO10118-1] ISO/IEC 10118-1 (2000): "Information technology
Security techniques - Hash-functions - Part 1: General". Security techniques - Hash-functions - Part 1: General".
[ISO10118-2] ISO/IEC 10118-2 (2000): "Information technology - [ISO10118-2] ISO/IEC 10118-2 (2000): "Information technology
Security techniques - Hash-functions - Part 2: Hash-functions using Security techniques - Hash-functions - Part 2: Hash-functions using
an n-bit block cipher algorithm". an n-bit block cipher algorithm".
[ISO10118-3] ISO/IEC 10118-3 (2004): "Information technology - [ISO10118-3] ISO/IEC 10118-3 (2004): "Information technology
Security techniques - Hash-functions - Part 3: Dedicated Security techniques - Hash-functions - Part 3: Dedicated
hash-functions". hash-functions".
[ISO10118-4] ISO/IEC 10118-4 (1998): "Information technology - [ISO10118-4] ISO/IEC 10118-4 (1998): "Information technology
Security techniques - Hash-functions - Part 4: Hash-functions using Security techniques - Hash-functions - Part 4: Hash-functions using
modular arithmetic". modular arithmetic".
[ISO10181-5] ISO/IEC 10181-5: Security Frameworks in Open Systems. [ISO10181-5] ISO/IEC 10181-5: Security Frameworks in Open Systems.
Non-Repudiation Framework. April 1997. Non-Repudiation Framework. April 1997.
[ISO13888-1]ISO/IEC 13888-1 (2004): "IT security techniques - [ISO13888-1]ISO/IEC 13888-1 (2004): "IT security techniques
Non-repudiation - Part 1: General". Non-repudiation - Part 1: General".
[ISO14888-1] ISO/IEC 14888-1 (1998): "Information technology - [ISO14888-1] ISO/IEC 14888-1 (1998): "Information technology
Security techniques - Digital signatures with appendix - Part 1: Security techniques - Digital signatures with appendix - Part 1:
General". General".
[ISO14888-2] ISO/IEC 14888-2 (1999): "Information technology - [ISO14888-2] ISO/IEC 14888-2 (1999): "Information technology
Security techniques - Digital signatures with appendix - Part 2: Security techniques - Digital signatures with appendix - Part 2:
Identity-based mechanisms". Identity-based mechanisms".
[ISO14888-3] ISO/IEC 14888-3 (1998): "Information technology - [ISO14888-3] ISO/IEC 14888-3 (1998): "Information technology
Security techniques - Digital signatures with appendix - Part 3: Security techniques - Digital signatures with appendix - Part 3:
Certificate-based mechanisms". Certificate-based mechanisms".
[ISO15946-2] ISO/IEC 15946-2 (2002): "Information technology - [ISO15946-2] ISO/IEC 15946-2 (2002): "Information technology
Security techniques - Cryptographic techniques based on elliptic Security techniques - Cryptographic techniques based on elliptic
curves - Part 2: Digital signatures". curves - Part 2: Digital signatures".
[ISO15946-3] ISO/IEC 15946-3 (2002): "Information technology - [ISO15946-3] ISO/IEC 15946-3 (2002): "Information technology
Security techniques - Cryptographic techniques based on elliptic Security techniques - Cryptographic techniques based on elliptic
curves - Part 3: Key establishment". curves - Part 3: Key establishment".
[X690] ITU-T Recommendation X.690 (2002): "Specification of basic [X690] ITU-T Recommendation X.690 (2002): "Specification of basic
encoding rules for Abstract Syntax Notation One (ASN.1)". encoding rules for Abstract Syntax Notation One (ASN.1)".
[CWA14171] CWA 14171 CEN Workshop Agreements: "General Guidelines [CWA14171] CWA 14171 CEN Workshop Agreements: "General Guidelines
for Electronic Signature Verification". for Electronic Signature Verification".
[XMLDSIG] XMLDSIG: W3C/IETF Recommendation (February 2002): [XMLDSIG] XMLDSIG: W3C/IETF Recommendation (February 2002):
skipping to change at page 62, line 8 skipping to change at page 62, line 30
[X.209] CCITT Recommendation X.209: Specification of Basic Encoding [X.209] CCITT Recommendation X.209: Specification of Basic Encoding
Rules for Abstract Syntax Notation One (ASN.1) 1988. Rules for Abstract Syntax Notation One (ASN.1) 1988.
[P1363] IEEE P1363 (2000): "Standard Specifications for Public-Key [P1363] IEEE P1363 (2000): "Standard Specifications for Public-Key
Cryptography". Cryptography".
12. Authors' addresses 12. Authors' addresses
Denis Pinkas Denis Pinkas
Bull S.A. Bull S.A.S.
Rue Jean-Jaures Rue Jean-Jaures
78340 Les Clayes sous Bois CEDEX 78340 Les Clayes sous Bois CEDEX
FRANCE FRANCE
EMail: Denis.Pinkas@bull.net EMail: Denis.Pinkas@bull.net
Nick Pope Nick Pope
Security & Standards Consultancy Ltd Thales eSecurity
The Waterhouse Business Centre Meadow View House
2 Cromer Way Long Crendon
Chelmsford Aylesbury
Essex Buck
CM1 2QE HP18 9EQ
United Kingdom United Kingdom
EMail: pope@secstan.com EMail: nick.pope@thales-esecurity.com
John Ross John Ross
Security & Standards Consultancy Ltd Security & Standards Consultancy Ltd
The Waterhouse Business Centre The Waterhouse Business Centre
2 Cromer Way 2 Cromer Way
Chelmsford Chelmsford
Essex Essex
CM1 2QE CM1 2QE
United Kingdom United Kingdom
EMail: ross@secstan.com EMail: ross@secstan.com
13. Acknowledgments 13. Acknowledgments
This Informational RFC has been produced in ETSI TC-ESI.
ETSI
F-06921 Sophia Antipolis, Cedex - FRANCE
650 Route des Lucioles - Sophia Antipolis
Valbonne - France
Tel: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
secretariat@etsi.fr
http://www.etsi.org
Special thanks to Russ Housley for reviewing the document. Special thanks to Russ Housley for reviewing the document.
Annex A (normative): ASN.1 definitions Annex A (normative): ASN.1 definitions
This annex provides a summary of all the ASN.1 syntax definitions for This annex provides a summary of all the ASN.1 syntax definitions for
new syntax defined in the present document. new syntax defined in the present document.
A.1 Signature format definitions using X.208 ASN.1 syntax A.1 Signature format definitions using X.208 ASN.1 syntax
NOTE: The ASN.1 module defined in section A.1 using syntax defined in NOTE: The ASN.1 module defined in section A.1 using syntax defined in
skipping to change at page 63, line 38 skipping to change at page 64, line 38
-- Cryptographic Message Syntax (CMS): RFC 3852 -- Cryptographic Message Syntax (CMS): RFC 3852
ContentInfo, ContentType, id-data, id-signedData, SignedData, ContentInfo, ContentType, id-data, id-signedData, SignedData,
EncapsulatedContentInfo, SignerInfo, id-contentType, EncapsulatedContentInfo, SignerInfo, id-contentType,
id-messageDigest, MessageDigest, id-signingTime, SigningTime, id-messageDigest, MessageDigest, id-signingTime, SigningTime,
id-countersignature, Countersignature id-countersignature, Countersignature
FROM CryptographicMessageSyntax2004 FROM CryptographicMessageSyntax2004
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cms-2004(24) } smime(16) modules(0) cms-2004(24) }
-- ESS Defined attributes: ESS Update
-- RFC XXXX (Adding CertID Algorithm Agility)
id-aa-signingCertificate, SigningCertificate, IssuerSerial, id-aa-signingCertificate, SigningCertificate, IssuerSerial,
id-aa-contentReference, ContentReference, id-aa-contentIdentifier, id-aa-contentReference, ContentReference, id-aa-contentIdentifier,
ContentIdentifier ContentIdentifier, id-aa-signingCertificatev2
FROM ExtendedSecurityServices
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
id-aa-signingCertificatev2
FROM ExtendedSecurityServices-2006 FROM ExtendedSecurityServices-2006
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) ess-2006(200) } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) }
-- Internet X.509 Public Key Infrastructure - Certificate and CRL -- Internet X.509 Public Key Infrastructure - Certificate and CRL
-- Profile: RFC 3280 -- Profile: RFC 3280
Certificate, AlgorithmIdentifier, CertificateList, Name, Certificate, AlgorithmIdentifier, CertificateList, Name,
DirectoryString, Attribute, BMPString, UTF8String DirectoryString, Attribute, BMPString, UTF8String
FROM PKIX1Explicit88 FROM PKIX1Explicit88
{iso(1) identified-organization(3) dod(6) internet(1) {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)} security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
GeneralNames, GeneralName, PolicyInformation GeneralNames, GeneralName, PolicyInformation
FROM PKIX1Implicit88 FROM PKIX1Implicit88
{iso(1) identified-organization(3) dod(6) internet(1) security(5) {iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit (19)} mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit (19)}
-- Internet Attribute Certificate Profile for Authorization - RFC 3281 -- Internet Attribute Certificate Profile for Authorization - RFC 3281
AttributeCertificate AttributeCertificate
FROM PKIXAttributeCertificate {iso(1) identified-organization(3) FROM PKIXAttributeCertificate {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) dod(6) internet(1) security(5) mechanisms(5) pkix(7)
skipping to change at page 65, line 4 skipping to change at page 65, line 46
id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::= id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::=
{ itu-t(0) identified-organization(4) etsi(0) { itu-t(0) identified-organization(4) etsi(0)
electronic-signature-standard (1733) part1 (1) idupMechanism (4) electronic-signature-standard (1733) part1 (1) idupMechanism (4)
etsiESv1(1) } etsiESv1(1) }
-- Basic ES CMS Attributes Defined in the present document -- Basic ES CMS Attributes Defined in the present document
-- ======================================================= -- =======================================================
-- OtherSigningCertificate - deprecated -- OtherSigningCertificate - deprecated
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
id-aa-ets-otherSigCert OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 19 }
OtherSigningCertificate ::= SEQUENCE { OtherSigningCertificate ::= SEQUENCE {
certs SEQUENCE OF OtherCertID, certs SEQUENCE OF OtherCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL policies SEQUENCE OF PolicyInformation OPTIONAL
-- NOT USED IN THE PRESENT DOCUMENT -- NOT USED IN THE PRESENT DOCUMENT
} }
OtherCertID ::= SEQUENCE { OtherCertID ::= SEQUENCE {
otherCertHash OtherHash, otherCertHash OtherHash,
issuerSerial IssuerSerial OPTIONAL } issuerSerial IssuerSerial OPTIONAL }
skipping to change at page 65, line 30 skipping to change at page 66, line 26
otherHash OtherHashAlgAndValue} otherHash OtherHashAlgAndValue}
-- Policy ES Attributes Defined in the present document -- Policy ES Attributes Defined in the present document
-- ==================================================== -- ====================================================
-- Mandatory Basic Electronic Signature Attributes as above, -- Mandatory Basic Electronic Signature Attributes as above,
-- plus in addition. -- plus in addition.
-- Signature Policy Identifier -- Signature Policy Identifier
id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::=
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-aa(2) 15 } smime(16) id-aa(2) 15 }
SignaturePolicy ::= CHOICE { SignaturePolicy ::= CHOICE {
signaturePolicyId SignaturePolicyId, signaturePolicyId SignaturePolicyId,
signaturePolicyImplied SignaturePolicyImplied signaturePolicyImplied SignaturePolicyImplied
-- not used in this version -- not used in this version
} }
SignaturePolicyId ::= SEQUENCE { SignaturePolicyId ::= SEQUENCE {
sigPolicyId SigPolicyId, sigPolicyId SigPolicyId,
skipping to change at page 66, line 12 skipping to change at page 67, line 12
hashAlgorithm AlgorithmIdentifier, hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue } hashValue OtherHashValue }
OtherHashValue ::= OCTET STRING OtherHashValue ::= OCTET STRING
SigPolicyQualifierInfo ::= SEQUENCE { SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SigPolicyQualifierId, sigPolicyQualifierId SigPolicyQualifierId,
sigQualifier ANY DEFINED BY sigPolicyQualifierId } sigQualifier ANY DEFINED BY sigPolicyQualifierId }
SigPolicyQualifierId ::= OBJECT IDENTIFIER SigPolicyQualifierId ::= OBJECT IDENTIFIER
id-spq-ets-uri OBJECT IDENTIFIER ::= { iso(1) id-spq-ets-uri OBJECT IDENTIFIER ::=
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 1 } smime(16) id-spq(5) 1 }
SPuri ::= IA5String SPuri ::= IA5String
id-spq-ets-unotice OBJECT IDENTIFIER ::= { iso(1) id-spq-ets-unotice OBJECT IDENTIFIER ::=
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-spq(5) 2 } smime(16) id-spq(5) 2 }
SPUserNotice ::= SEQUENCE { SPUserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL, noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL} explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE { NoticeReference ::= SEQUENCE {
organization DisplayText, organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER } noticeNumbers SEQUENCE OF INTEGER }
skipping to change at page 67, line 8 skipping to change at page 68, line 8
CommitmentTypeQualifier ::= SEQUENCE { CommitmentTypeQualifier ::= SEQUENCE {
commitmentTypeIdentifier CommitmentTypeIdentifier, commitmentTypeIdentifier CommitmentTypeIdentifier,
qualifier ANY DEFINED BY commitmentTypeIdentifier } qualifier ANY DEFINED BY commitmentTypeIdentifier }
id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1}
id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2}
id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 3} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 3}
id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4}
id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 5} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 5}
id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 6} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 6}
-- Signer Location -- Signer Location
id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17}
SignerLocation ::= SEQUENCE { SignerLocation ::= SEQUENCE {
-- at least one of the following shall be present -- at least one of the following shall be present
countryName [0] DirectoryString OPTIONAL, countryName [0] DirectoryString OPTIONAL,
-- As used to name a Country in X.500 -- As used to name a Country in X.500
skipping to change at page 67, line 51 skipping to change at page 68, line 54
claimedAttributes [0] ClaimedAttributes, claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes } certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate CertifiedAttributes ::= AttributeCertificate
-- as defined in RFC 3281 : see section 4.1 -- as defined in RFC 3281 : see section 4.1
-- Content Timestamp -- Content Timestamp
id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 20} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 20}
ContentTimestamp::= TimeStampToken ContentTimestamp::= TimeStampToken
-- Signature Timestamp -- Signature Timestamp
id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::= { iso(1) member- id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 14} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 14}
SignatureTimeStampToken ::= TimeStampToken SignatureTimeStampToken ::= TimeStampToken
-- Complete Certificate Refs. -- Complete Certificate Refs.
id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
skipping to change at page 68, line 42 skipping to change at page 69, line 43
CRLListID ::= SEQUENCE { CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID} crls SEQUENCE OF CrlValidatedID}
CrlValidatedID ::= SEQUENCE { CrlValidatedID ::= SEQUENCE {
crlHash OtherHash, crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL} crlIdentifier CrlIdentifier OPTIONAL}
CrlIdentifier ::= SEQUENCE { CrlIdentifier ::= SEQUENCE {
crlissuer Name, crlissuer Name,
crlIssuedTime UTCTime, crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL crlNumber INTEGER OPTIONAL }
}
OcspListID ::= SEQUENCE { OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID} ocspResponses SEQUENCE OF OcspResponsesID}
OcspResponsesID ::= SEQUENCE { OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier, ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL ocspRepHash OtherHash OPTIONAL
} }
OcspIdentifier ::= SEQUENCE { OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data ocspResponderID ResponderID,
producedAt GeneralizedTime -- As in OCSP response data -- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
} }
OtherRevRefs ::= SEQUENCE { OtherRevRefs ::= SEQUENCE {
otherRevRefType OtherRevRefType, otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType otherRevRefs ANY DEFINED BY otherRevRefType
} }
OtherRevRefType ::= OBJECT IDENTIFIER OtherRevRefType ::= OBJECT IDENTIFIER
-- Certificate Values -- Certificate Values
skipping to change at page 69, line 55 skipping to change at page 70, line 55
id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 26} smime(16) id-aa(2) 26}
TimestampedCertsCRLs ::= TimeStampToken TimestampedCertsCRLs ::= TimeStampToken
-- Archive Timestamp -- Archive Timestamp
id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 27} smime(16) id-aa(2) 48}
ArchiveTimeStampToken ::= TimeStampToken ArchiveTimeStampToken ::= TimeStampToken
-- Attribute certificate references -- Attribute certificate references
id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::= { iso(1) id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 44} smime(16) id-aa(2) 44}
AttributeCertificateRefs ::= SEQUENCE OF OtherCertID AttributeCertificateRefs ::= SEQUENCE OF OtherCertID
skipping to change at page 71, line 33 skipping to change at page 72, line 33
-- Cryptographic Message Syntax (CMS): RFC 3852 -- Cryptographic Message Syntax (CMS): RFC 3852
ContentInfo, ContentType, id-data, id-signedData, SignedData, ContentInfo, ContentType, id-data, id-signedData, SignedData,
EncapsulatedContentInfo, SignerInfo, EncapsulatedContentInfo, SignerInfo,
id-contentType, id-messageDigest, MessageDigest, id-signingTime, id-contentType, id-messageDigest, MessageDigest, id-signingTime,
SigningTime, id-countersignature, Countersignature SigningTime, id-countersignature, Countersignature
FROM CryptographicMessageSyntax2004 FROM CryptographicMessageSyntax2004
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cms-2004(24) } smime(16) modules(0) cms-2004(24) }
-- ESS Defined attributes: ESS Update
-- RFC XXXX (Adding CertID Algorithm Agility)
id-aa-signingCertificate, SigningCertificate, IssuerSerial, id-aa-signingCertificate, SigningCertificate, IssuerSerial,
id-aa-contentReference, ContentReference, id-aa-contentIdentifier, id-aa-contentReference, ContentReference, id-aa-contentIdentifier,
ContentIdentifier ContentIdentifier, id-aa-signingCertificatev2
FROM ExtendedSecurityServices
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
id-aa-signingCertificatev2
FROM ExtendedSecurityServices-2006 FROM ExtendedSecurityServices-2006
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) ess-2006(200) } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) }
-- Internet X.509 Public Key Infrastructure -- Internet X.509 Public Key Infrastructure
-- Certificate and CRL Profile: RFC 3280 -- Certificate and CRL Profile: RFC 3280
Certificate, AlgorithmIdentifier, CertificateList, Name, Certificate, AlgorithmIdentifier, CertificateList, Name,
DirectoryString, Attribute, Attribute
FROM PKIX1Explicit88 FROM PKIX1Explicit88
{iso(1) identified-organization(3) dod(6) internet(1) {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-explicit(18)} id-pkix1-explicit(18)}
GeneralNames, GeneralName, PolicyInformation GeneralNames, GeneralName, PolicyInformation
FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-implicit(19)} id-pkix1-implicit(19)}
-- Internet Attribute Certificate Profile for Authorization - RFC 3281 -- Internet Attribute Certificate Profile for Authorization - RFC 3281
AttributeCertificate AttributeCertificate
FROM PKIXAttributeCertificate {iso(1) identified-organization(3) FROM PKIXAttributeCertificate {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
skipping to change at page 72, line 34 skipping to change at page 73, line 29
FROM OCSP {iso(1) identified-organization(3) dod(6) internet(1) FROM OCSP {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp(14)} security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp(14)}
-- RFC 3161 Internet X.509 Public Key Infrastructure -- RFC 3161 Internet X.509 Public Key Infrastructure
-- Time-Stamp Protocol -- Time-Stamp Protocol
TimeStampToken TimeStampToken
FROM PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1) FROM PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)} security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}
maxSize -- X.520
FROM ETS-ElectronicSignaturePolicies-97Syntax { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) DirectoryString {}
smime(16) id-mod(0) 8} FROM SelectedAttributeTypes
{joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 4}
; ;
-- Definitions of Object Identifier arcs used in the present document -- Definitions of Object Identifier arcs used in the present document
-- ================================================================== -- ==================================================================
-- OID used referencing electronic signature mechanisms based -- OID used referencing electronic signature mechanisms based
-- on the present document for use with the IDUP API (see annex D) -- on the present document for use with the IDUP API (see annex D)
id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::= id-etsi-es-IDUP-Mechanism-v1 OBJECT IDENTIFIER ::=
skipping to change at page 73, line 56 skipping to change at page 74, line 56
} }
SignaturePolicyImplied ::= NULL SignaturePolicyImplied ::= NULL
SigPolicyId ::= OBJECT IDENTIFIER SigPolicyId ::= OBJECT IDENTIFIER
SigPolicyHash ::= OtherHashAlgAndValue SigPolicyHash ::= OtherHashAlgAndValue
OtherHashAlgAndValue ::= SEQUENCE { OtherHashAlgAndValue ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier, hashAlgorithm AlgorithmIdentifier,
hashValue OtherHashValue } hashValue OtherHashValue
}
OtherHashValue ::= OCTET STRING OtherHashValue ::= OCTET STRING
SigPolicyQualifierInfo ::= SEQUENCE { SigPolicyQualifierInfo ::= SEQUENCE {
sigPolicyQualifierId SIG-POLICY-QUALIFIER.&id sigPolicyQualifierId SIG-POLICY-QUALIFIER.&id
({SupportedSigPolicyQualifiers}), ({SupportedSigPolicyQualifiers}),
qualifier SIG-POLICY-QUALIFIER.&Qualifier qualifier SIG-POLICY-QUALIFIER.&Qualifier
({SupportedSigPolicyQualifiers} ({SupportedSigPolicyQualifiers}
{@sigPolicyQualifierId})OPTIONAL } {@sigPolicyQualifierId})OPTIONAL }
SupportedSigPolicyQualifiers SIG-POLICY-QUALIFIER ::= SupportedSigPolicyQualifiers SIG-POLICY-QUALIFIER ::=
skipping to change at page 75, line 34 skipping to change at page 76, line 34
WITH SYNTAX { WITH SYNTAX {
COMMITMENT-QUALIFIER-ID &id COMMITMENT-QUALIFIER-ID &id
[COMMITMENT-TYPE &Qualifier] } [COMMITMENT-TYPE &Qualifier] }
id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfOrigin OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 1}
id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfReceipt OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 2}
id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfDelivery OBJECT IDENTIFIER ::= { iso(1)
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 3} member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
cti(6) 3}
id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-cti-ets-proofOfSender OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 4}
id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfApproval OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 5} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 5}
id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::= { iso(1) member- id-cti-ets-proofOfCreation OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6) 6} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) cti(6) 6}
-- Signer Location -- Signer Location
id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-signerLocation OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 17}
SignerLocation ::= SEQUENCE { SignerLocation ::= SEQUENCE {
-- at least one of the following shall be present -- at least one of the following shall be present
countryName [0] DirectoryString{maxSize} OPTIONAL, countryName [0] DirectoryString{maxSize} OPTIONAL,
-- As used to name a Country in X.500 -- as used to name a Country in X.520
localityName [1] DirectoryString{maxSize} OPTIONAL, localityName [1] DirectoryString{maxSize} OPTIONAL,
-- As used to name a locality in X.500 -- as used to name a locality in X.520
postalAdddress [2] PostalAddress OPTIONAL } postalAdddress [2] PostalAddress OPTIONAL }
PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString{maxSize} PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString{maxSize}
-- maxSize parametrization as specified in X.683
-- Signer Attributes -- Signer Attributes
id-aa-ets-signerAttr OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-signerAttr OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 18} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 18}
SignerAttribute ::= SEQUENCE OF CHOICE { SignerAttribute ::= SEQUENCE OF CHOICE {
claimedAttributes [0] ClaimedAttributes, claimedAttributes [0] ClaimedAttributes,
certifiedAttributes [1] CertifiedAttributes } certifiedAttributes [1] CertifiedAttributes }
ClaimedAttributes ::= SEQUENCE OF Attribute ClaimedAttributes ::= SEQUENCE OF Attribute
CertifiedAttributes ::= AttributeCertificate CertifiedAttributes ::= AttributeCertificate
-- as defined in RFC 3281 : see section 4.1 -- as defined in RFC 3281 : see section 4.1
-- Content Timestamp -- Content Timestamp
id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-contentTimestamp OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 20} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 20}
ContentTimestamp::= TimeStampToken ContentTimestamp::= TimeStampToken
-- Signature Timestamp -- Signature Timestamp
id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::= { iso(1) member- id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 14} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 14}
SignatureTimeStampToken ::= TimeStampToken SignatureTimeStampToken ::= TimeStampToken
-- Complete Certificate Refs. -- Complete Certificate Refs.
id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-certificateRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
skipping to change at page 76, line 47 skipping to change at page 78, line 4
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 21}
CompleteCertificateRefs ::= SEQUENCE OF OtherCertID CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
-- Complete Revocation Refs -- Complete Revocation Refs
id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22}
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= SEQUENCE { CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL, crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL, ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL otherRev [2] OtherRevRefs OPTIONAL
} }
CRLListID ::= SEQUENCE { CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID} crls SEQUENCE OF CrlValidatedID
}
CrlValidatedID ::= SEQUENCE { CrlValidatedID ::= SEQUENCE {
crlHash OtherHash, crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL} crlIdentifier CrlIdentifier OPTIONAL
}
CrlIdentifier ::= SEQUENCE { CrlIdentifier ::= SEQUENCE {
crlissuer Name, crlissuer Name,
crlIssuedTime UTCTime, crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL crlNumber INTEGER OPTIONAL
} }
OcspListID ::= SEQUENCE { OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID} ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE { OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier, ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL ocspRepHash OtherHash OPTIONAL
} }
OcspIdentifier ::= SEQUENCE { OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data ocspResponderID ResponderID,
producedAt GeneralizedTime -- As in OCSP response data -- As in OCSP response data
producedAt GeneralizedTime
-- As in OCSP response data
} }
OtherRevRefs ::= SEQUENCE { OtherRevRefs ::= SEQUENCE {
otherRevRefType OTHER-REVOCATION-REF.&id, otherRevRefType OTHER-REVOCATION-REF.&id,
otherRevRefs SEQUENCE OF OTHER-REVOCATION-REF.&Type otherRevRefs SEQUENCE OF OTHER-REVOCATION-REF.&Type
} }
OTHER-REVOCATION-REF ::= CLASS { OTHER-REVOCATION-REF ::= CLASS {
&Type, &Type,
&id OBJECT IDENTIFIER UNIQUE } &id OBJECT IDENTIFIER UNIQUE }
skipping to change at page 77, line 47 skipping to change at page 79, line 7
-- Certificate Values -- Certificate Values
id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
CertificateValues ::= SEQUENCE OF Certificate CertificateValues ::= SEQUENCE OF Certificate
-- Certificate Revocation Values -- Certificate Revocation Values
id-aa-ets-revocationValues OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-revocationValues OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 24} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 24}
RevocationValues ::= SEQUENCE { RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL, crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL} otherRevVals [2] OtherRevVals OPTIONAL
}
OtherRevVals ::= SEQUENCE { OtherRevVals ::= SEQUENCE {
otherRevValType OTHER-REVOCATION-VAL.&id, otherRevValType OTHER-REVOCATION-VAL.&id,
otherRevVals SEQUENCE OF OTHER-REVOCATION-REF.&Type otherRevVals SEQUENCE OF OTHER-REVOCATION-REF.&Type
} }
OTHER-REVOCATION-VAL ::= CLASS { OTHER-REVOCATION-VAL ::= CLASS {
&Type, &Type,
&id OBJECT IDENTIFIER UNIQUE } &id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX { WITH SYNTAX {
WITH SYNTAX &Type ID &id } WITH SYNTAX &Type ID &id }
-- CAdES-C Timestamp -- CAdES-C Timestamp
id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25}
ESCTimeStampToken ::= TimeStampToken ESCTimeStampToken ::= TimeStampToken
-- Time-Stamped Certificates and CRLs -- Time-Stamped Certificates and CRLs
id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 26} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 26}
TimestampedCertsCRLs ::= TimeStampToken TimestampedCertsCRLs ::= TimeStampToken
-- Archive Timestamp -- Archive Timestamp
id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-archiveTimestamp OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 27} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 48}
ArchiveTimeStampToken ::= TimeStampToken ArchiveTimeStampToken ::= TimeStampToken
-- Attribute certificate references -- Attribute certificate references
id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-attrCertificateRefs OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 44} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 44}
AttributeCertificateRefs ::= SEQUENCE OF OtherCertID AttributeCertificateRefs ::= SEQUENCE OF OtherCertID
-- Attribute revocation references -- Attribute revocation references
id-aa-ets-attrRevocationRefs OBJECT IDENTIFIER ::= { iso(1) member- id-aa-ets-attrRevocationRefs OBJECT IDENTIFIER ::=
body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 45} { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) id-aa(2) 45}
AttributeRevocationRefs ::= SEQUENCE OF CrlOcspRef AttributeRevocationRefs ::= SEQUENCE OF CrlOcspRef
END END
Annex B (informative): Extended forms of Electronic Signatures Annex B (informative): Extended forms of Electronic Signatures
Section 4 provides on overview of the various formats of electronic Section 4 provides on overview of the various formats of electronic
signatures included in the present document. This annex lists the signatures included in the present document. This annex lists the
attributes that need to be present in the various extended electronic attributes that need to be present in the various extended electronic
skipping to change at page 96, line 55 skipping to change at page 98, line 55
In many real life environments users will be able to get from different In many real life environments users will be able to get from different
CAs or even from the same CA, different certificates containing the CAs or even from the same CA, different certificates containing the
same public key for different names. The prime advantage is that a same public key for different names. The prime advantage is that a
user can use the same private key for different purposes. Multiple use user can use the same private key for different purposes. Multiple use
of the private key is an advantage when a smart card is used to protect of the private key is an advantage when a smart card is used to protect
the private key, since the storage of a smart card is always limited. the private key, since the storage of a smart card is always limited.
When several CAs are involved, each different certificate may contain a When several CAs are involved, each different certificate may contain a
different identity, e.g. as a national or as an employee from a different identity, e.g. as a national or as an employee from a
company. Thus when a private key is used for various purposes, the company. Thus when a private key is used for various purposes, the
certificate is needed to clarify the context in which the private key certificate is needed to clarify the context in which the private key
was used when generating the signature. Where there is the possibility was used when generating the signature. Where there is the
of multiple use of private keys it is necessary for the signer to possibility that multiple private keys are used, it is necessary for
indicate to the verifier the precise certificate to be used. the signer to indicate to the verifier the precise certificate to be
used.
Many current schemes simply add the certificate after the signed data Many current schemes simply add the certificate after the signed data
and thus are vulnerable to substitution attacks. If the certificate and thus are vulnerable to substitution attacks. If the certificate
from the signer was simply appended to the signature and thus not from the signer was simply appended to the signature and thus not
protected by the signature, any one could substitute one certificate by protected by the signature, any one could substitute one certificate by
another and the message would appear to be signed by some one else. In another and the message would appear to be signed by some one else. In
order to counter this kind of attack, the identifier of the signer has order to counter this kind of attack, the identifier of the signer has
to be protected by the digital signature from the signer. to be protected by the digital signature from the signer.
In order to identify unambiguously the certificate to be used for the In order to identify unambiguously the certificate to be used for the
skipping to change at page 101, line 38 skipping to change at page 103, line 38
In this case it will be necessary to capture all the certificates from In this case it will be necessary to capture all the certificates from
the certification path, starting with those from the signer and ending the certification path, starting with those from the signer and ending
up with those of the self-signed certificate from one trusted root, up with those of the self-signed certificate from one trusted root,
when applicable this may be specified as part of the Signature Policy. when applicable this may be specified as part of the Signature Policy.
In addition, it will be necessary to capture the Certificate Authority In addition, it will be necessary to capture the Certificate Authority
Revocation Lists (CARLs) to prove than none of the CAs from the chain Revocation Lists (CARLs) to prove than none of the CAs from the chain
was revoked at the time of the signature. Again, all this material may was revoked at the time of the signature. Again, all this material may
be incorporated in the electronic signature (ES X forms). An be incorporated in the electronic signature (ES X forms). An
alternative would be to store it in some storage so that they can it be alternative would be to store it in some storage so that they can it be
easily retrieved, and incorporate references to it in the electronic easily retrieved, and incorporate references to it in the electronic
signature itself as an CAdES-C form. signature itself as a CAdES-C form.
C.4.3 Time-stamping for long life of signatures C.4.3 Time-stamping for long life of signatures
An important property for long standing signatures is that a signature, An important property for long standing signatures is that a signature,
having been found once to be valid, shall continue to be so months or having been found once to be valid, shall continue to be so months or
years later. years later.
A signer, verifier or both may be required to provide on request, proof A signer, verifier or both may be required to provide on request, proof
that a digital signature was created or verified during the validity that a digital signature was created or verified during the validity
period of the all the certificates that make up the certificate path. period of the all the certificates that make up the certificate path.
skipping to change at page 114, line 36 skipping to change at page 116, line 36
The specific use of MIME to carry CMS (extended as defined in the The specific use of MIME to carry CMS (extended as defined in the
present document) secured data is called S/MIME (see [RFC3851]). present document) secured data is called S/MIME (see [RFC3851]).
S/MIME carries electronic signatures as either: S/MIME carries electronic signatures as either:
- an "application/pkcs7-mime" object with the CMS carried as binary - an "application/pkcs7-mime" object with the CMS carried as binary
attachment (PKCS7 is the name of the early version of CMS). attachment (PKCS7 is the name of the early version of CMS).
The signed data may be included in the SignedData, which itself The signed data may be included in the SignedData, which itself
may be included in a single S/MIME object. See [RFC3851], may be included in a single S/MIME object. See [RFC3851],
section 3.4.2 "Signing Using application/pkcs7-mime with section 3.4.2 “Signing Using application/pkcs7-mime with
SignedData" and figure F.1 hereafter. SignedData” and figure F.1 hereafter.
or or
- a "multipart/signed" object with the signed data and the - a "multipart/signed" object with the signed data and the
signature encoded as separate MIME objects. signature encoded as separate MIME objects.
The signed data is not included in the SignedData, and the CMS The signed data is not included in the SignedData, and the CMS
structure only includes the signature. See [RFC3851], structure only includes the signature. See [RFC3851],
section 3.4.3 "Signing Using the multipart/signed Format" and section 3.4.3 “Signing Using the multipart/signed Format” and
figure F.2 hereafter. figure F.2 hereafter.
+-------------++----------++-------------++------------+ +-------------++----------++-------------++------------+
| || || || | | || || || |
| S/MIME || CAdES || MIME || pdf file | | S/MIME || CAdES || MIME || pdf file |
| || || || | | || || || |
|Content-Type=||SignedData||Content-Type=||Dear MrSmith| |Content-Type=||SignedData||Content-Type=||Dear MrSmith|
|application/ || eContent ||application/ ||Received | |application/ || eContent ||application/ ||Received |
|pkcs7-mime || ||pdf || 100 tins | |pkcs7-mime || ||pdf || 100 tins |
| || || || | | || || || |
skipping to change at page 115, line 45 skipping to change at page 117, line 45
77n8HHGT9HG4VQpfyF467GhIGfHfYT6rfvbnj756tbBghyHhHUujhJhjH 77n8HHGT9HG4VQpfyF467GhIGfHfYT6rfvbnj756tbBghyHhHUujhJhjH
HUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H7n8HHGghyHh HUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H7n8HHGghyHh
6YT64V0GhIGfHfQbnj75 6YT64V0GhIGfHfQbnj75
F.2.1 Using application/pkcs7-signature F.2.1 Using application/pkcs7-signature
CMS also supports an alternative structure where the signature and CMS also supports an alternative structure where the signature and
data being protected are separate MIME objects carried within a single data being protected are separate MIME objects carried within a single
message. In this case the signed data is not included in the message. In this case the signed data is not included in the
SignedData, and the CMS structure only includes the signature. See SignedData, and the CMS structure only includes the signature. See
[RFC3851], section 3.4.3 "Signing Using the multipart/signed Format" [RFC3851], section 3.4.3 “Signing Using the multipart/signed Format”
and figure F.2 herafter. and figure F.2 herafter.
An example of signed data encoded this approach is: An example of signed data encoded this approach is:
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; protocol="application/pkcs7-signature";
micalg=sha1; boundary=boundary42 micalg=sha1; boundary=boundary42
--boundary42 --boundary42
Content-Type: text/plain Content-Type: text/plain
skipping to change at page 125, line 27 skipping to change at page 127, line 27
- FIPS Publication 180-1 (1995): "Secure Hash Standard". FIPS 180-1 - FIPS Publication 180-1 (1995): "Secure Hash Standard". FIPS 180-1
specifies the Secure Hash Algorithm (SHA), dedicated hash- specifies the Secure Hash Algorithm (SHA), dedicated hash-
function developed for use with the DSA. The original SHA function developed for use with the DSA. The original SHA
published in 1993 was slightly revised in 1995 and renamed SHA-1. published in 1993 was slightly revised in 1995 and renamed SHA-1.
- ANSI X9.30-2 (1997) [X9.30-2]: "Public Key Cryptography for the - ANSI X9.30-2 (1997) [X9.30-2]: "Public Key Cryptography for the
Financial Services Industry - Part 2: The Secure Hash Algorithm Financial Services Industry - Part 2: The Secure Hash Algorithm
(SHA-1)". X9.30-2 specifies the ANSI-Version of SHA-1. (SHA-1)". X9.30-2 specifies the ANSI-Version of SHA-1.
- ANSI X9.31-2 (1996) [X9.31-2]: "Public Key Cryptography Using - ANSI X9.31-2 (1996) [X9.31-2]: "Public Key Cryptography Using
Reversible Algorithms for the Financial Services Industry - Reversible Algorithms for the Financial Services Industry
Part 2: Hash Algorithms". X9.31-2 specifies hash algorithms. Part 2: Hash Algorithms". X9.31-2 specifies hash algorithms.
I.2 Digital signature algorithms I.2 Digital signature algorithms
I.2.1 DSA I.2.1 DSA
The DSA signature algorithm is defined in FIPS Pub 186. DSA is always The DSA signature algorithm is defined in FIPS Pub 186. DSA is always
used with the SHA-1 message digest algorithm. The algorithm identifier used with the SHA-1 message digest algorithm. The algorithm identifier
for DSA is: for DSA is:
skipping to change at page 127, line 39 skipping to change at page 129, line 39
- The document includes two schemes: - The document includes two schemes:
- EC-DSA, an elliptic curve based analog of NIST's Digital - EC-DSA, an elliptic curve based analog of NIST's Digital
Signature Algorithm; Signature Algorithm;
- EC-AMV, an elliptic curve based analog of the Agnew-Muller- - EC-AMV, an elliptic curve based analog of the Agnew-Muller-
Vanstone signature algorithm. Vanstone signature algorithm.
- ANSI X9.31-1 (1997) [X9.31-1]: "Public Key Cryptography Using - ANSI X9.31-1 (1997) [X9.31-1]: "Public Key Cryptography Using
Reversible Algorithms for the Financial Services Industry - Reversible Algorithms for the Financial Services Industry
Part 1: The RSA Signature Algorithm". ANSI X9.31-1 specifies a Part 1: The RSA Signature Algorithm". ANSI X9.31-1 specifies a
digital signature mechanism with appendix using the RSA digital signature mechanism with appendix using the RSA
public-key technique. public-key technique.
- ANSI X9.30-1 (1997) [X9.30-1]: "Public Key Cryptography Using - ANSI X9.30-1 (1997) [X9.30-1]: "Public Key Cryptography Using
Irreversible Algorithms for the Financial Services Industry - Irreversible Algorithms for the Financial Services Industry
Part 1: The Digital Signature Algorithm (DSA)". ANSI X9.30-1 Part 1: The Digital Signature Algorithm (DSA)". ANSI X9.30-1
specifies the DSA, NIST's Digital Signature Algorithm. specifies the DSA, NIST's Digital Signature Algorithm.
- ANSI X9.62 (1998) [X9.62]: "Public Key Cryptography for the - ANSI X9.62 (1998) [X9.62]: "Public Key Cryptography for the
Financial Services Industry - The Elliptic Curve Digital Financial Services Industry - The Elliptic Curve Digital
Signature Algorithm (ECDSA)". ANSI X9.62 specifies the Elliptic Signature Algorithm (ECDSA)". ANSI X9.62 specifies the Elliptic
Curve Digital Signature Algorithm, an analog of NIST's Digital Curve Digital Signature Algorithm, an analog of NIST's Digital
Signature Algorithm (DSA) using elliptic curves. The appendices Signature Algorithm (DSA) using elliptic curves. The appendices
provide tutorial information on the underlying mathematics for provide tutorial information on the underlying mathematics for
elliptic curve cryptography and many examples. elliptic curve cryptography and many examples.
Annex J (informative): Changes from the previous version Annex J (informative): Changes from the previous version
The title of the document has changed to be aligned with the title The title of the document has changed to be aligned with the title
of XAdES, the vocabulary used within the present document has been of XAdES (XML Advanced Electronic Signatures), the vocabulary used
aligned with the vocabulary used in XAdES, within the present document has been aligned with the vocabulary
used in XAdES,
If the hash of the signature policy is unknown, then, by If the hash of the signature policy is unknown, then, by
convention, the sigPolicyHash shall be set to all zeros. convention, the sigPolicyHash shall be set to all zeros.
The OIDs from the ASN.1 modules have changed for the following The OIDs from the ASN.1 modules have changed for the following
reasons: reasons:
- the OIDs of the ASN.1 modules of RFC 2560 and RFC 3161 have been - the OIDs of the ASN.1 modules of RFC 2560 and RFC 3161 have been
included. included.
- since RFC 2459 and RFC 3852 has been obsoleted by RFC 3280 and - since RFC 2459 and RFC 3852 has been obsoleted by RFC 3280 and
RFC 3852 respectively, there was the need to refer to the OIDs RFC 3852 respectively, there was the need to refer to the OIDs
of the ASN.1 modules of RFC 3280 and RFC 3852, instead of the of the ASN.1 modules of RFC 3280 and RFC 3852, instead of the
OIDs of the ASN.1 modules of RFC 2459 and RFC 3852. OIDs of the ASN.1 modules of RFC 2459 and RFC 3852.
- the other changes are related to the addition of the general- - other changes are related to the addition of the signing-
signing-certificate attribute. certificate attribute, where the ESS signing-certificate
attribute defined in RFC 2634, shall be used if the SHA-1
hashing algorithm is used while the ESS signing-certificate
attribute v2, defined in “ESS Update: Adding CertID Algorithm
Agility shall be used when other hashing algorithms are to be
used.
Full Copyright Statement - the definition of the Archive time-stamp attribute has been
changed in section 6.4.1. to protect all signed and unsined
attributes. A new object identifier has been assigned to this
attribute.
Copyright (C) The Internet Society (2006). Full Copyright Statement
The contents of this Informational RFC amounts to a transposition Copyright (C) The IETF Trust (2007).
of the ETSI TS 101 733 V.1.6.3 and is technically equivalent to it.
The ETSI TS is under the ETSI Copyright (C). Individual copies of
this ETSI deliverable can be downloaded from http://www.etsi.org.
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
Disclaimer
This document and the information contained herein are provided on This document and the information contained herein are provided on
An "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE An "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
PARTICULAR PURPOSE. FOR A PARTICULAR PURPOSE.
Intellectual Property Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights. it has made any independent effort to identify any such rights.
Information on the procedures with respect to rights in RFC Information on the procedures with respect to rights in RFC
skipping to change at page 129, line 50 skipping to change at page 131, line 43
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr. at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf- this standard. Please address the information to the IETF at
ipr@ietf.org. ietf-ipr@ietf.org.
ETSI takes no position regarding the validity or scope of any ETSI takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights. it has made any independent effort to identify any such rights.
Information on the ETSI Intellectual Property Rights Policy may be Information on the ETSI Intellectual Property Rights Policy may be
obtained from <http://www.etsi.org/legal/home.htm>. The document is obtained from <http://www.etsi.org/legal/home.htm>. The document is
skipping to change at line 6407 skipping to change at page 132, line 24
received. ETSI has not checked the validity of the information, nor received. ETSI has not checked the validity of the information, nor
the relevance of the identified patents/patent applications to the the relevance of the identified patents/patent applications to the
ETSI Standards and cannot confirm, or deny, that the patents/patent ETSI Standards and cannot confirm, or deny, that the patents/patent
applications are, in fact, essential, or potentially essential. No applications are, in fact, essential, or potentially essential. No
investigation, or IPR searches, have been carried out by ETSI and investigation, or IPR searches, have been carried out by ETSI and
therefore no guarantee can be given concerning the existence of therefore no guarantee can be given concerning the existence of
other IPRs which are, or may become, essential. other IPRs which are, or may become, essential.
Potential Licensees should use the information in this database at Potential Licensees should use the information in this database at
their discretion and should contact the patent holder. their discretion and should contact the patent holder.
Acknowledgements
Funding for the RFC Editor function is currently provided by the
Internet Society.
Funding for the publication of the previous RFC has been provided
by ETSI and the European Commision.
 End of changes. 153 change blocks. 
334 lines changed or deleted 384 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/