0007686: Use recommended certificate embedding option in part 83 spec for digital signatures

ID	Project	Category	View Status	Date Submitted	Last Update

0007686	Part 83: UAFX Offline Engineering [sg.OfflineEngineering]	Spec	public	2022-02-01 12:54	2022-04-08 14:01

Reporter	Emanuel Kolb	Assigned To	Emanuel Kolb
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	no change required
Product Version	1.00.00 RC2
Target Version	1.00.00 Release

Summary	0007686: Use recommended certificate embedding option in part 83 spec for digital signatures
Description	For OpenPackCon digital signatures to certificate embedding options can beuse: InSignaturePart or InCertificatePart (the option NotEmbedded is excluded in UAFX). The current spec uses InSignaturePart in an example, while Microsoft is recommending InCertificatePart. see: https://docs.microsoft.com/en-us/dotnet/api/system.io.packaging.certificateembeddingoption?view=windowsdesktop-6.0 The example in part 83 needs to be adapted and description should be updated for digital signatures.
Tags	Security

Emanuel Kolb 2022-03-15 09:57 manager ~0016374	Investigation showed that the <KeyName> and <KeyValue> fields only appear in the .net implementation of an InSignaturePart signature (System.IO.Packaging). Therefore there is no need to give a recommendation for InCertificatePart in the spec.

Emanuel Kolb 2022-04-08 14:01 manager ~0016552	review done in OE group

Date Modified	Username	Field	Change
2022-02-01 12:54	Emanuel Kolb	New Issue
2022-02-01 12:54	Emanuel Kolb	Status	new => assigned
2022-02-01 12:54	Emanuel Kolb	Assigned To	=> Emanuel Kolb
2022-03-04 09:05	Emanuel Kolb	Tag Attached: Security
2022-03-15 09:57	Emanuel Kolb	Status	assigned => resolved
2022-03-15 09:57	Emanuel Kolb	Resolution	open => no change required
2022-03-15 09:57	Emanuel Kolb	Note Added: 0016374
2022-04-08 14:01	Emanuel Kolb	Status	resolved => closed
2022-04-08 14:01	Emanuel Kolb	Note Added: 0016552