Re: [SignServer-develop] About timestamp response

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 03/08/2016 02:55 PM, Martin Kannel wrote:
> Hi Markus!
> 
> Thanks for quick reply!
> 
> On 08.03.2016 15:31, Markus Kilås wrote:
>> On 03/08/2016 01:57 PM, Martin Kannel wrote:
>>> I'd like to ask is there possibility to configure SignServer
>>> (TimeStampSigner) so, that timestamp responses contain always the
>>> extension "qcStatements" with the value "esi4-qtstStatement-1"? If yes,
>>> then how?
>>>
>>> (I saw only ACCEPTEDEXTENSION parameter in the manual, but that's not
>>> it?)
>> Maybe not exactly what you want but I think the idea with
>> ACCEPTEDEXTENSIONS would be that if the request contains an extension
>> with that OID it would be included (copied) to the response.
> Yes, you're right, that's not what I need, but it's good to know that if
> the request contains an extension with the OID, then it is copied to the
> response.
> I'll try to test it.
>>> That kind of requirement may be raised when applying ETSI EN 319 422
>>> V1.0.0 standard (see chapter 9.1):
>>> "When a time-stamp token is a qualified electronic time-stamp as per
>>> Regulation (EU) No 910/2014 [i.3], it should contain one instance of the
>>> qcStatements extension with the syntax as defined in IETF RFC 3739
>>> [i.5], clause 3.2.6. If the qcStatements extension is present, it shall
>>> contain one instance of the statement "esi4-qtstStatement-1" defined in
>>> annex B."
>>>
>> If the qcStatements OID is included in ACCEPTEDEXTENSION and the request
>> contains it then I think it would be included.
>>
>> I haven't looked into those documents yet but if I understand what you
>> have sent the TSA should add the extension itself and not take it from
>> the request, right?
> Yes, right.
> I understand those documents the same way. The addition of this
> extension should be time-stamp token's (timestampstigner) responsibility.
> 
> Any chance it would be implemented in one of the future releases of
> SignServer? :-)

It is not currently on the roadmap but we are always interested in
contributions in case you would like to implement it and supply the
patches.

Otherwise, in case you would like us to implement it you can send a
request to start the discussion about it with sa...@pr... .

BR,
Markus
PrimeKey

PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information.
https://www.primekey.se/Services/Support/
https://www.primekey.se/Services/Training/

> 
> Regards,
> Martin
> 
>> BR,
>> Markus
>>
> 

-- 
Kind regards,
Markus Kilås
PKI Specialist

PrimeKey Solutions AB

Lundagatan 16
SE-171 63 Solna
Sweden

Phone: +46 70 424 94 85
Email: mar...@pr...

https://www.primekey.se