swedenconnect / technical-framework

Technical Specifications for the Swedish eID Framework

Bugfixes in SVT draft #137

Closed Razumain closed 3 years ago

Razumain commented 3 years ago

A first IETF draft has been published for the SVT specification https://datatracker.ietf.org/doc/draft-santesson-svt

This draft fixes some bugs in the specification that need to be updated here:

  1. Some object classes are named wrongly and do not match the specification text
  2. The chain_hash certificate reference concept is flawed in the current specification

The chain_hash concept is flawed since CMS provides an unordered SET of certificates, while the text demands that the certificates be hashed in exactly the order they appear in the signature. The problem here is that any code that extracts a SET of certificates from the signature may return them in any order, which may cause a hash mismatch.

When writing the first draft, the authors decided to change the concept and instead hash the individual certs in the validated chain in a strict order, starting from the signature certificate and ending with the trust anchor cert, provided that all these certificates are present in the signature.

Finally, we should align some introductory text.

Once the IETF draft is accepted as an IETF work item, we may consider locking the draft here as version 1.0 and allow the IETF draft to evolve into version 1.1.
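To make the ordering problem concrete, here is an added Python example; it is not code from the technical framework or from the SVT draft. It models certificates as simple stand-ins with constructed subject, issuer and DER bytes, contrasts hashing the certificates concatenated in whatever order they were extracted (the flawed chain_hash) with hashing each certificate of the validated chain individually, ordered from the signer certificate to the trust anchor, and refuses to build a chain when an intermediate certificate is missing from the signature. SHA-256, the names and the sample PKI are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate (constructed for this example).

    A real implementation would parse the certificate and hash its DER
    encoding; here 'der' is just a distinct byte string per certificate.
    """
    subject: str
    issuer: str
    der: bytes


def sha256_hex(data: bytes) -> str:
    # The hash algorithm is an assumption for this example.
    return hashlib.sha256(data).hexdigest()


def chain_hash_by_appearance(certs: Iterable[Cert]) -> str:
    """The flawed scheme: one hash over all certs concatenated in the order
    they were extracted. CMS stores them in an unordered SET, so two correct
    parsers can legitimately hand them back in different orders."""
    h = hashlib.sha256()
    for cert in certs:
        h.update(cert.der)
    return h.hexdigest()


def build_validated_chain(signer: Cert, certs: Iterable[Cert], trust_anchor: Cert) -> List[Cert]:
    """Order the chain by issuer/subject linkage, signer first, trust anchor last.

    Every link must be present among the certificates carried in the
    signature; otherwise the chain cannot be reconstructed and we fail.
    """
    by_subject = {cert.subject: cert for cert in certs}
    chain = [signer]
    seen = {signer.subject}
    current = signer
    while current.der != trust_anchor.der:
        if current.subject == current.issuer:
            raise ValueError(f"{current.subject!r} is self-signed but is not the trust anchor")
        issuer = by_subject.get(current.issuer)
        if issuer is None:
            raise ValueError(f"issuer {current.issuer!r} of {current.subject!r} is not present in the signature")
        if issuer.subject in seen:
            raise ValueError("cycle in certificate chain")
        chain.append(issuer)
        seen.add(issuer.subject)
        current = issuer
    return chain


def chain_hash_ordered(signer: Cert, certs: Iterable[Cert], trust_anchor: Cert) -> List[str]:
    """The draft's replacement scheme: hash each cert of the validated chain
    individually, in strict order from signer to trust anchor."""
    return [sha256_hex(cert.der) for cert in build_validated_chain(signer, certs, trust_anchor)]


def chain_is_complete(signer: Cert, certs: Iterable[Cert], trust_anchor: Cert) -> bool:
    """True if the signature carries every certificate needed for the chain."""
    try:
        build_validated_chain(signer, certs, trust_anchor)
        return True
    except ValueError:
        return False


# Constructed sample PKI: root -> ca -> signer. Names and bytes are made up.
ROOT = Cert("root", "root", b"DER(root)")
CA = Cert("ca", "root", b"DER(ca)")
SIGNER = Cert("signer", "ca", b"DER(signer)")

# The same SET of certificates as two different parsers might return it.
EXTRACTED_A = [CA, SIGNER, ROOT]
EXTRACTED_B = [ROOT, CA, SIGNER]


if __name__ == "__main__":
    print("by appearance, parser A:", chain_hash_by_appearance(EXTRACTED_A))
    print("by appearance, parser B:", chain_hash_by_appearance(EXTRACTED_B))
    print("validated chain, parser A:", chain_hash_ordered(SIGNER, EXTRACTED_A, ROOT))
    print("validated chain, parser B:", chain_hash_ordered(SIGNER, EXTRACTED_B, ROOT))
    print("chain complete without CA cert:", chain_is_complete(SIGNER, [SIGNER, ROOT], ROOT))
```

Run as a script, the two "by appearance" hashes differ although both parsers returned the same set, while the per-certificate hash lists for the validated chain are identical; the last line prints False because the intermediate cert is missing, which is the condition the draft attaches to the new scheme.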

AndersTornqvist commented 3 years ago

Is it possible for you to provide us with an example of a PDF that contains an SVT Token?

Regards,

Anders Törnqvist

