Long term archival
How should an organisation select appropriate signature profiles to meet short-term and long-term preservation requirements?
For short-term verification purposes, CMS or PKCS7 signature profiles can be used. However, if the signatures are required to be verified after a long period, it is recommended to use long-term signature formats (XAdES, CAdES or PAdES) as mentioned in the End Entity Signature Rules. (Ref Rules GSR 660(E), dated 25 Aug 2015)
What are the requirements for long term verification of signatures?
For long-term verification of signatures, the signature formats specified for long-term archival should be used. Timestamping used in this process establishes that the signature was created at a given moment in time.
In the case of long-term archival signature formats, the CA CRL can be part of the signature. CRLs of CAs are large, and including them in each signature consumes space. What are the alternate arrangements?
Storing the Online Certificate Status Protocol (OCSP) response received at the time of signature creation can be an alternate option.
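The following added example (not part of the original FAQ or of any CCA tooling) shows why the timestamp and the stored OCSP response together allow verification long after the signer's certificate has expired. It checks only the time logic and assumes the signature, the timestamp token and the OCSP response have already been cryptographically verified; all class names, field names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

@dataclass
class ArchivedOcsp:
    """Subset of RFC 6960 SingleResponse fields stored with the signature."""
    cert_status: str        # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: datetime

@dataclass
class ArchivedSignature:
    cert_not_before: datetime
    cert_not_after: datetime
    timestamp_time: Optional[datetime]  # time asserted by the timestamp, if any
    ocsp: Optional[ArchivedOcsp]        # response captured at signing, if any

def validate(sig: ArchivedSignature, now: datetime) -> Tuple[bool, str]:
    """Judge validity at the timestamped time, or at `now` when no timestamp exists."""
    ref = sig.timestamp_time or now
    if not sig.cert_not_before <= ref <= sig.cert_not_after:
        return False, "certificate outside validity period at reference time"
    if sig.ocsp is None:
        return False, "no archived revocation evidence"
    if not sig.ocsp.this_update <= ref <= sig.ocsp.next_update:
        return False, "OCSP response not current at reference time"
    if sig.ocsp.cert_status != "good":
        return False, "OCSP status is " + sig.ocsp.cert_status
    return True, "valid at " + ref.isoformat()

def d(y, m, day, h=0):
    return datetime(y, m, day, h, tzinfo=timezone.utc)

# Constructed sample data: certificate valid 2015-2017, document signed in 2016.
OCSP_AT_SIGNING = ArchivedOcsp("good", d(2016, 3, 1, 9), d(2016, 3, 2, 9))
WITH_TS = ArchivedSignature(d(2015, 9, 1), d(2017, 9, 1), d(2016, 3, 1, 10), OCSP_AT_SIGNING)
NO_TS = ArchivedSignature(d(2015, 9, 1), d(2017, 9, 1), None, OCSP_AT_SIGNING)
NO_OCSP = ArchivedSignature(d(2015, 9, 1), d(2017, 9, 1), d(2016, 3, 1, 10), None)

if __name__ == "__main__":
    now = d(2025, 1, 1)  # verification long after the certificate expired
    for name, sig in [("with timestamp", WITH_TS), ("no timestamp", NO_TS),
                      ("no OCSP", NO_OCSP)]:
        print(name, validate(sig, now))
```

Only the signature carrying both a timestamp and the archived OCSP response verifies in 2025; without the timestamp the verifier has to fall back to the current time, at which the certificate has expired.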