-
-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document XAdES certificate trust and timestamp validation procedures #211
Comments
For EU eSignature applications, the EU publishes what looks like the complete list of trusted X509 certificates in the EU LOTL: https://ec.europa.eu/tools/lotl/eu-lotl.xml - unclear if we should support this directly or instruct users to configure their system trust store. If we support this directly, we should support loading any DSS trusted list from an XML URL in the "TLSource" format described in https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#TrustedLists |
For timestamp verification requirements, see RFC 3161 Appendix B:
|
RFC 5816: 2.1. Changes to Section 2.4.1, Request Format Last paragraph on Page 5. Old:
New:
2.2. Changes to Section 2.4.2, Response Format 2.2.1. Signature of Time-Stamp Token Fifth paragraph on Page 8, just before the definition of TSTInfo. Old:
New:
2.2.2. Verifying the Time-Stamp Token Third paragraph on Page 11. Old:
New:
3. Security Considerations This document incorporates the security considerations of RFC 5035 ESSCertID provides a means based on the SHA-1 hash algorithm for The update provided by this document is motivated by reasons of |
For timestamps, see: https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html#Timestamps
For signer, support and document support for any RFC 3161 compatible timestamp authority server, with the default set to one of the entries in https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710.
The text was updated successfully, but these errors were encountered: