draft-ietf-smime-cades-02.txt   draft-ietf-smime-cades-03.txt 
S/MIME Working Group J.Ross(Security and Standards) S/MIME Working Group D.Pinkas(Bull SAS)
INTERNET-DRAFT N.Pope(Thales eSecurity) INTERNET-DRAFT N.Pope(Thales eSecurity)
Expires November 2007 D.Pinkas(Bull SAS) Expires November 2007 J.Ross(Security and Standards)
Obsoletes: RFC 3126 August 2007
Target Category: Informational Target Category: Informational
CMS Advanced Electronic Signatures (CAdES) CMS Advanced Electronic Signatures (CAdES)
<draft-ietf-smime-cades-02.txt> <draft-ietf-smime-cades-03.txt>
Status of this memo Status of this memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 3, line 30 skipping to change at page 3, line 30
6.2.3 Attribute certificate references attribute definition 47 6.2.3 Attribute certificate references attribute definition 47
6.2.4 Attribute revocation references attribute definition 48 6.2.4 Attribute revocation references attribute definition 48
6.3 Extended validation data (CAdES-X) 48 6.3 Extended validation data (CAdES-X) 48
6.3.1 Time-stamped validation data (CAdES-X Type 1 or Type 2) 48 6.3.1 Time-stamped validation data (CAdES-X Type 1 or Type 2) 48
6.3.2 Long validation data (CAdES-X Long, CAdES-X Long Type 1 or 2) 48 6.3.2 Long validation data (CAdES-X Long, CAdES-X Long Type 1 or 2) 48
6.3.3 Certificate values attribute definition 49 6.3.3 Certificate values attribute definition 49
6.3.4 Revocation values attribute definition 50 6.3.4 Revocation values attribute definition 50
6.3.5 CAdES-C time-stamp attribute definition 51 6.3.5 CAdES-C time-stamp attribute definition 51
6.3.6 Time-stamped certificates and crls references attribute 6.3.6 Time-stamped certificates and crls references attribute
definition 52 definition 52
6.4 Archive validation data 52 6.4 Archive validation data 53
6.4.1 Archive time-stamp attribute definition 52 6.4.1 Archive time-stamp attribute definition 53
7. Other standard data structures 54 7. Other standard data structures 55
7.1 Public-key certificate format 54 7.1 Public-key certificate format 55
7.2 Certificate revocation list format 54 7.2 Certificate revocation list format 55
7.3 OCSP response format 54 7.3 OCSP response format 55
7.4 Time-stamp token format 55 7.4 Time-stamp token format 55
7.5 Name and attribute formats 55 7.5 Name and attribute formats 55
7.6 Attribute certificate 55 7.6 Attribute certificate 56
8. Conformance requirements 56 8. Conformance requirements 56
8.1 CAdES-Basic Electronic Signature (CAdES-BES) 56 8.1 CAdES-Basic Electronic Signature (CAdES-BES) 56
8.2 CAdES-Explicit Policy-based Electronic Signature 57 8.2 CAdES-Explicit Policy-based Electronic Signature 57
8.3 Verification using time-stamping 57 8.3 Verification using time-stamping 57
8.4 Verification using secure records 57 8.4 Verification using secure records 58
9. Security considerations 58 9. Security considerations 58
9.1 Protection of private key 58 9.1 Protection of private key 58
9.2 Choice of algorithms 58 9.2 Choice of algorithms 58
10. IANA Considerations 58 10. IANA Considerations 59
11. References 58 11. References 59
11.1 Normative references 58 11.1 Normative references 58
11.2 Informative references 59 11.2 Informative references 60
12. Authors' addresses 62 12. Authors' addresses 62
13. Acknowledgments 63 13. Acknowledgments 63
Annex A (normative): ASN.1 definitions 64 Annex A (normative): ASN.1 definitions 64
A.1 Signature format definitions using X.208 ASN.1 syntax 64 A.1 Signature format definitions using X.208 ASN.1 syntax 64
A.2 Signature format definitions using X.680 ASN.1 syntax 72 A.2 Signature format definitions using X.680 ASN.1 syntax 72
Annex B (informative): Extended forms of Electronic Signatures 81 Annex B (informative): Extended forms of Electronic Signatures 81
skipping to change at page 35, line 25 skipping to change at page 35, line 25
SigPolicyId ::= OBJECT IDENTIFIER SigPolicyId ::= OBJECT IDENTIFIER
The sigPolicyHash field optionally contains the identifier of the hash The sigPolicyHash field optionally contains the identifier of the hash
algorithm and the hash of the value of the signature policy. The algorithm and the hash of the value of the signature policy. The
hashValue within the sigPolicyHash max be set to zero to indicate hashValue within the sigPolicyHash max be set to zero to indicate
that the policy hash value is not known. that the policy hash value is not known.
NOTE: The use of zero policy hash value is to ensure backward NOTE: The use of zero policy hash value is to ensure backward
compatibility with earlier versions of the current document. compatibility with earlier versions of the current document.
If hashValue is zero then the hash value should not be checked
against the calculated hash value of signature policy.
If the signature policy is defined using ASN.1, then the hash is If the signature policy is defined using ASN.1, then the hash is
calculated on the value without the outer type and length fields and calculated on the value without the outer type and length fields and
the hashing algorithm shall be as specified in the field sigPolicyHash. the hashing algorithm shall be as specified in the field sigPolicyHash.
If the signature policy is defined using another structure, the type of If the signature policy is defined using another structure, the type of
structure and the hashing algorithm shall be either specified as part structure and the hashing algorithm shall be either specified as part
of the signature policy, or indicated using a signature policy qualifier. of the signature policy, or indicated using a signature policy qualifier.
SigPolicyHash ::= OtherHashAlgAndValue SigPolicyHash ::= OtherHashAlgAndValue
skipping to change at page 36, line 54 skipping to change at page 36, line 56
defined in CMS (RFC 3852 [4]). defined in CMS (RFC 3852 [4]).
NOTE: RFC 3852 [4] states that dates between 1 January 1950 and 31 NOTE: RFC 3852 [4] states that dates between 1 January 1950 and 31
December 2049 (inclusive) MUST be encoded as UTCTime. Any dates December 2049 (inclusive) MUST be encoded as UTCTime. Any dates
with year values before 1950 or after 2049 MUST be encoded as with year values before 1950 or after 2049 MUST be encoded as
GeneralizedTime. GeneralizedTime.
5.9.2 Countersignature 5.9.2 Countersignature
The counterSignature attribute values for ES have ASN.1 type The counterSignature attribute values for ES have ASN.1 type
CounterSignature as defined in CMS (RFC 3852 [4]). CounterSignature as defined in CMS (RFC 3852 [4]). A counterSignature
attribute shall be an unsigned attribute.
A counterSignature attribute shall be an unsigned attribute.
5.10 ESS imported optional attributes 5.10 ESS imported optional attributes
The following attributes may be present with the signed-data defined by The following attributes may be present with the signed-data defined by
the present document. The attributes are defined in ESS and are the present document. The attributes are defined in ESS and are
imported into the present document and were appropriate qualified and imported into the present document and were appropriate qualified and
profiled by the present document. profiled by the present document.
5.10.1 Content reference attribute 5.10.1 Content reference attribute
skipping to change at page 49, line 23 skipping to change at page 49, line 23
- CAdES-C Time-stamp, as defined in section 6.3.3 (CAdES-X long - CAdES-C Time-stamp, as defined in section 6.3.3 (CAdES-X long
Type 1); or Type 1); or
- Time-Stamped Certificates and CRLs references, as defined in - Time-Stamped Certificates and CRLs references, as defined in
section 6.3.4 (CAdES-X Long Type 2). section 6.3.4 (CAdES-X Long Type 2).
The CAdES-X Long Type 1 or CAdES-X Long Type 2 provide additional The CAdES-X Long Type 1 or CAdES-X Long Type 2 provide additional
protection against later CA compromise and provide integrity of the protection against later CA compromise and provide integrity of the
validation data used. validation data used.
NOTE 1: The CAdES-X Long provides long term proof of a valid NOTE 1: The CAdES-X-Long signature provides long term proof of the
electronic signature as long as the CAs are trusted such that validity of the signature for as long as the CA keys, CRL
these keys cannot be compromised or the cryptographic Issuers keys and OCSP responder keys are not compromised and
algorithms that were initialy used are broken. are resistant to cryptographic attacks.
NOTE 2: As long as the time stamp data remains valid, the CAdES-X NOTE 2: As long as the time stamp data remains valid, the CAdES-X
Long Type 1 and the CAdES-X Long Type 2 provides the following Long Type 1 and the CAdES-X Long Type 2 provides the following
important property for long standing signatures; that having important property for long standing signatures; that having
been found once to be valid, it shall continue to be so months been found once to be valid, it shall continue to be so months
or years later, long after the validity period of the or years later, long after the validity period of the
certificates have expired, or after the user key has been certificates have expired, or after the user key has been
compromised. compromised.
6.3.3 Certificate values attribute definition 6.3.3 Certificate values attribute definition
skipping to change at page 50, line 6 skipping to change at page 50, line 6
structure but shall be provided by the signer as a signer- structure but shall be provided by the signer as a signer-
attributes attribute (see section 5.11.3). attributes attribute (see section 5.11.3).
The following object identifier identifies the certificate-values The following object identifier identifies the certificate-values
attribute: attribute:
id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-certValues OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 23}
The certificate-values attribute value has the ASN.1 syntax The certificate-values attribute value has the ASN.1 syntax
CertificateValues CertificateValues.
CertificateValues ::= SEQUENCE OF Certificate CertificateValues ::= SEQUENCE OF Certificate
Certificate is defined in section 7.1. (which is as defined in ITU-T Recommendation X.509 [1]. Certificate is defined in section 7.1. (which is as defined in ITU-T Recommendation X.509 [1].
This attribute may include the certification information for any TSUs This attribute may include the certification information for any TSUs
that have provided the time-stamp tokens if these certificates are not that have provided the time-stamp tokens if these certificates are not
already included in the TSTs as part of the TSUs signatures. In this already included in the TSTs as part of the TSUs signatures. In this
case the unsigned attribute shall be added to the signedData of the case the unsigned attribute shall be added to the signedData of the
relevant timestamp token. relevant timestamp token.
skipping to change at page 51, line 36 skipping to change at page 51, line 36
Electronic Signature; CAdES-X Type 1 and CAdES-X Long Type 1, see Electronic Signature; CAdES-X Type 1 and CAdES-X Long Type 1, see
section B.1.2 for an illustration of this form of electronic signature. section B.1.2 for an illustration of this form of electronic signature.
The CAdES-C-timestamp attribute is an unsigned attribute. It is a The CAdES-C-timestamp attribute is an unsigned attribute. It is a
time-stamp token of the hash of the electronic signature and the time-stamp token of the hash of the electronic signature and the
complete validation data (CAdES-C). It is a special purpose complete validation data (CAdES-C). It is a special purpose
TimeStampToken Attribute which time-stamps the CAdES-C. Several TimeStampToken Attribute which time-stamps the CAdES-C. Several
instances of this attribute may occur with an electronic signature from instances of this attribute may occur with an electronic signature from
different TSAs. different TSAs.
NOTE 1: It is recommended that the attributes being time-stamped are
encoded in DER. If DER is not employed then the binary encoding
of the ASN.1structures being time-stamped should be preserved to
ensure that the recalculation of the data hash is consistent.
NOTE 2: Each attribute is included in the hash with the attrType and
attrValues (including type and length) but without the type and
length of the outer SEQUENCE.
The following object identifier identifies the CAdES-C-Timestamp The following object identifier identifies the CAdES-C-Timestamp
attribute: attribute:
id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-aa-ets-escTimeStamp OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 25}
The CAdES-C-timestamp attribute value has the ASN.1 syntax The CAdES-C-timestamp attribute value has the ASN.1 syntax
ESCTimeStampToken : ESCTimeStampToken :
ESCTimeStampToken ::= TimeStampToken ESCTimeStampToken ::= TimeStampToken
skipping to change at page 52, line 22 skipping to change at page 52, line 31
attribute is used for the time stamping certificate and revocation attribute is used for the time stamping certificate and revocation
references. It is used in the following forms of eXtended Electronic references. It is used in the following forms of eXtended Electronic
Signature; CAdES-X Type 2 and CAdES-X Long Type 2, see section B.1.3 Signature; CAdES-X Type 2 and CAdES-X Long Type 2, see section B.1.3
for an illustration of this form of electronic signature. for an illustration of this form of electronic signature.
A time-stamped-certs-crls-references attribute is an unsigned A time-stamped-certs-crls-references attribute is an unsigned
attribute. It is a time-stamp token issued for a list of referenced attribute. It is a time-stamp token issued for a list of referenced
certificates and OCSP responses or/and CRLs to protect against certain certificates and OCSP responses or/and CRLs to protect against certain
CA compromises. Its syntax is as follows: CA compromises. Its syntax is as follows:
NOTE 1: It is recommended that the attributes being time-stamped are
encoded in DER. If DER is not employed then the binary encoding
of the ASN.1structures being time-stamped should be preserved to
ensure that the recalculation of the data hash is consistent.
NOTE 2: Each attribute is included in the hash with the attrType and
attrValues (including type and length) but without the type and
length of the outer SEQUENCE
The following object identifier identifies the time-stamped-certs-crls- The following object identifier identifies the time-stamped-certs-crls-
references attribute: references attribute:
id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1) member id-aa-ets-certCRLTimestamp OBJECT IDENTIFIER ::= { iso(1) member
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 26} us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 26}
The attribute value has the ASN.1 syntax TimestampedCertsCRLs : The attribute value has the ASN.1 syntax TimestampedCertsCRLs :
TimestampedCertsCRLs ::= TimeStampToken TimestampedCertsCRLs ::= TimeStampToken
 End of changes. 16 change blocks. 
23 lines changed or deleted 42 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/