Re: [SignServer-develop] About timestamp response

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 03/08/2016 03:02 PM, Markus Kilås wrote:
> On 03/08/2016 02:55 PM, Martin Kannel wrote:
>> Hi Markus!
>>
>> Thanks for quick reply!
>>
>> On 08.03.2016 15:31, Markus Kilås wrote:
>>> On 03/08/2016 01:57 PM, Martin Kannel wrote:
>>>> I'd like to ask is there possibility to configure SignServer
>>>> (TimeStampSigner) so, that timestamp responses contain always the
>>>> extension "qcStatements" with the value "esi4-qtstStatement-1"? If yes,
>>>> then how?
>>>>
>>>> (I saw only ACCEPTEDEXTENSION parameter in the manual, but that's not
>>>> it?)
>>> Maybe not exactly what you want but I think the idea with
>>> ACCEPTEDEXTENSIONS would be that if the request contains an extension
>>> with that OID it would be included (copied) to the response.
>> Yes, you're right, that's not what I need, but it's good to know that if
>> the request contains an extension with the OID, then it is copied to the
>> response.
>> I'll try to test it.
>>>> That kind of requirement may be raised when applying ETSI EN 319 422
>>>> V1.0.0 standard (see chapter 9.1):
>>>> "When a time-stamp token is a qualified electronic time-stamp as per
>>>> Regulation (EU) No 910/2014 [i.3], it should contain one instance of the
>>>> qcStatements extension with the syntax as defined in IETF RFC 3739
>>>> [i.5], clause 3.2.6. If the qcStatements extension is present, it shall
>>>> contain one instance of the statement "esi4-qtstStatement-1" defined in
>>>> annex B."
>>>>
>>> If the qcStatements OID is included in ACCEPTEDEXTENSION and the request
>>> contains it then I think it would be included.
>>>
>>> I haven't looked into those documents yet but if I understand what you
>>> have sent the TSA should add the extension itself and not take it from
>>> the request, right?
>> Yes, right.
>> I understand those documents the same way. The addition of this
>> extension should be time-stamp token's (timestampstigner) responsibility.
>>
>> Any chance it would be implemented in one of the future releases of
>> SignServer? :-)
> 
> It is not currently on the roadmap but we are always interested in
> contributions in case you would like to implement it and supply the
> patches.
> 
> Otherwise, in case you would like us to implement it you can send a
> request to start the discussion about it with sa...@pr... .
> 
> 
> BR,
> Markus
> PrimeKey
> 
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se or contact
> in...@pr... for more information.
> https://www.primekey.se/Services/Support/
> https://www.primekey.se/Services/Training/
> 
>>
>> Regards,
>> Martin
>>
>>> BR,
>>> Markus
>>>
>>
> 
> 
> 

Hi,

Just to let you all know that the implementation with support for the
qCStatement extension has been scheduled in
https://jira.primekey.se/browse/DSS-1165 and will most likely be
available in the next release of SignServer Enterprise.

Regards,
Markus
PrimeKey Solutions