lovele0107 / signatures-conformance-checker


CAdES #11

Open wothe opened 3 years ago

wothe commented 3 years ago

Case: additional attributes without regulation by ETSI treated as error, not correct

39. Error

An additional attribute in the signed attributes should cause no warning or error when it is not specified as not allowed:

• OID (9) - 1.2.840.113549.1.9.52 (id-aa-CMSAlgorithmProtection)

We get a warning/error on this attribute, which is not part of any CMS/CAdES specification about restrictions on basic or EPES, so I think the checker should accept and place a hint or info on any unknown attribute, but should accept it without warning or error.

wothe commented 3 years ago

asicCadesSingleSig.asics.zip

jccruellas commented 3 years ago

Good morning, I have been doing some investigations. And in fact you are perfectly right. CAdES does not restrict at all the inclusion of other attributes not specified in the standard. Therefore, I will modify the tool so that it does not raise any error or warning...

I will keep you posted.

Awwmygit commented 1 year ago

Would be great to have this fixed

jccruellas commented 1 year ago

Good afternoon Awwmygit,

First, I deeply apologize for that... buried in work this period. I will take a look at it starting tomorrow and let you know asap.

Juan Carlos

jccruellas commented 1 year ago

Good afternoon Awwmygit

I have been thinking about your proposal of CAdESCC raising neither an error nor a warning when it hits an attribute that it does not know. I fully agree that it should not raise an error; as I have pointed out, the CAdES spec marks this as not being an error. However, I am not sure about not raising a warning.

The reason for this warning WOULD INDICATE ONLY THAT THE WARNING APPEARS THERE BECAUSE THE USER OF THE CADESCC IS WARNED THAT THE CADESCC CAN NOT CHECK ANYTHING ON THE ATTRIBUTE, NOT THAT THE ATTRIBUTE IS NOT ALLOWED, OR DISCOURAGED.

In other words, if the CC gives a green, very likely the user will not read any message...and therefore he will not be aware that one of the attributes has not been checked by the CC....

The counterargument to my reasoning could be: "OK, but EVERYONE should be aware that the CC is NOT GOING TO CHECK ANY OTHER ATTRIBUTE THAN THE ONES THAT ARE SPECIFIED IN CADES". In that case, I would accept giving a green (and adding the message that the CC has not checked).

PS: At present, I have a local version that gives a yellow (Warning). Let us have a quick exchange and see if we can arrive at a conclusion. Another thing that I can do is to check with ESI TC members; in the end, ESI TC is the one that has standardized CAdES.

Regards,
Juan Carlos
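The two outcomes debated in this thread, as an added example that is not CAdESCC code and not written by any participant: a small DER walker lists the signed attributes and reports an unrecognised OID such as id-aa-CMSAlgorithmProtection at a configurable level (warning or info), never as an error. The function names, the partial `KNOWN` table and the constructed sample bytes are assumptions.

```python
KNOWN = {  # partial, assumed table of signed attributes that CAdES specifies
    "1.2.840.113549.1.9.3": "content-type",
    "1.2.840.113549.1.9.4": "message-digest",
    "1.2.840.113549.1.9.16.2.47": "signing-certificate-v2",
}
# Constructed signedAttrs (DER SET): CMSAlgorithmProtection with an empty
# placeholder value, then content-type = id-data.
SAMPLE = bytes.fromhex("3129" "300d06092a864886f70d0109343100"
                       "301806092a864886f70d010903310b06092a864886f70d010701")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets (base-128 arcs) to dotted form
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_signed_attrs(der, unknown_level="WARNING"):
    """Report every attribute; unknown OIDs get unknown_level, never ERROR."""
    if unknown_level not in ("INFO", "WARNING"):
        raise ValueError("unknown attributes are not an error in CAdES")
    tag, body, _ = read_tlv(der, 0)
    if tag not in (0x31, 0xA0):  # SET OF, or [0] IMPLICIT inside SignerInfo
        raise ValueError("not a signedAttrs structure")
    findings, pos = [], 0
    while pos < len(body):
        _, attr, pos = read_tlv(body, pos)      # Attribute SEQUENCE
        otag, oid_body, _ = read_tlv(attr, 0)   # attrType
        if otag != 0x06:
            raise ValueError("attribute does not start with an OID")
        oid = decode_oid(oid_body)
        level = "CHECKED" if oid in KNOWN else unknown_level
        findings.append((oid, level, KNOWN.get(oid, "not checked: outside CAdES")))
    return findings
```

Calling `check_signed_attrs(SAMPLE)` models the yellow result with an explanatory message; passing `"INFO"` models the green result that still records which attribute was not checked.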