sc34wg4 / opcRevision

Revision of ISO/IEC 29500-2 (Open Packaging Conventions)

12.8 does not contain clear information regarding counter signatures #15

Closed frayus closed 5 years ago

frayus commented 5 years ago

The XML signature for the timestamp should include information about using a countersign timestamp signature, along with including the KeyInfo x509Data of the countersign.

RexJaeschke commented 5 years ago

2019-03-25 F2F Meeting in Milan:

This revision of the OPC is intended to clarify the existing spec, and not to add new functionality. As such, your suggestion is outside the scope of this project. That said, Japan intends to consider your input in its proposal to extend OPC to better support digital signatures in future.

dcleblanc commented 5 years ago

This depends on which timestamp. There could be more than one. The timestamps are constructed as per the XAdES specification which applies. That said, we never implemented countersignatures, and I would have to check the standard to see if and when a timestamp should cover them.

A SignatureTimeStamp element does not cover a CounterSignature element. The SigAndRefsTimeStamp element also does not cover any CounterSignature elements. An archive timestamp, which is not implemented in Office, must cover CounterSignature elements.

In addition, because CounterSignature element behavior (parallel vs. serial, etc.) has not been defined or implemented for these documents to date, I would be cautious about adding any constraints within this standard, except to say that an implementer MAY use additional facets of the XAdES standard.
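Added example, not part of the original thread or of any participant's code: a verifier-side check that applies the coverage rules stated in the comment above to a signature's XAdES unsigned properties and flags countersignatures that no present timestamp covers. The sample documents are constructed, the XAdES 1.3.2 namespace and matching on local element names are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XADES = "http://uri.etsi.org/01903/v1.3.2#"  # assumed: XAdES 1.3.2 namespace

# Coverage of CounterSignature per timestamp type, as stated in the thread.
COVERS_COUNTERSIGNATURE = {
    "SignatureTimeStamp": False,
    "SigAndRefsTimeStamp": False,
    "ArchiveTimeStamp": True,
}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (countersignature_count, timestamps_present, uncovered).

    uncovered is True when countersignatures exist but no timestamp type
    that covers them is present.
    """
    root = ET.fromstring(xml_text)
    # Pre-order traversal: the first match is the outermost property set,
    # so properties nested inside a countersignature are not mixed in.
    props = next((e for e in root.iter()
                  if local(e.tag) == "UnsignedSignatureProperties"), None)
    if props is None:
        return 0, [], False
    names = [local(child.tag) for child in props]  # direct children only
    counters = names.count("CounterSignature")
    stamps = [n for n in names if n in COVERS_COUNTERSIGNATURE]
    covered = any(COVERS_COUNTERSIGNATURE[n] for n in stamps)
    return counters, stamps, counters > 0 and not covered

def sample(*children):
    """Build a constructed, content-free property set for the demo."""
    body = "".join(f"<x:{c}/>" for c in children)
    return (f'<x:QualifyingProperties xmlns:x="{XADES}"><x:UnsignedProperties>'
            f"<x:UnsignedSignatureProperties>{body}"
            "</x:UnsignedSignatureProperties>"
            "</x:UnsignedProperties></x:QualifyingProperties>")

NO_ARCHIVE = sample("SignatureTimeStamp", "SigAndRefsTimeStamp", "CounterSignature")
ARCHIVED = sample("SignatureTimeStamp", "CounterSignature", "ArchiveTimeStamp")

if __name__ == "__main__":
    for label, doc in (("no archive timestamp", NO_ARCHIVE), ("archived", ARCHIVED)):
        print(label, audit(doc))
```

The check only reports which element types are present; it does not validate the timestamps or the countersignatures themselves.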