7.12 Extensions dictionary's BaseVersion limits extension applicability

[bsanchezb]

Describe the bug

There are certain standards defining new dictionaries or extending PDF's functionality, such as ISO 32001-2022, ISO 32002-2022, etc. and last but not least ETSI EN 319 142-1 for PAdES signatures.

The latter defines a few extension dictionaries to be used for incorporation of /DSS dictionary or a use of ETSI.CAdES.detached SubFilter, as follows:

<</ESIC 
       <</BaseVersion /1.7  
          /ExtensionLevel 1 
        >> 
    >>

and

<</ESIC 
       <</BaseVersion /1.7  
          /ExtensionLevel 2 
        >> 
    >> 

respectively.

Both extensions contain a /BaseVersion field with a value "1.7".

ISO 32000-1 (and ISO 32000-2 as well) has the following description of the attribute:

7.12.3 BaseVersion The value of the BaseVersion entry shall be a name and shall be consistent with the syntax used for the Version entry value of the catalog dictionary (see 7.7.2, "Document catalog dictionary"). The value of BaseVersion, when treated as a version number, shall be less than or equal to the PDF version, both in the document header (see 7.5.2, "File header") and the catalog dictionary Version key value, if present. The value of BaseVersion may be different from the version number in the document header or that supplied by the Version key in the catalog dictionary. This is because it reflects the version of the standard that has been extended and not the version of this particular file.

Which basically means that one is allowed to use the aforementioned extensions only for the PDF document of version 1.7 or higher, as overwriting of /Version value within a catalog dictionary does not bring any benefit (as both values shall match the requirement, so overwriting does not make sense as document header does not change).

This makes the extensions with a BaseVersion 1.7 not applicable in practice for PDF documents produced with a lower version (e.g. 1.4, 1.5, etc.).

The same applies for ISO 32001 and ISO 32002, defining extension dictionary entries with a /BaseVersion 2.0, making them inapplicable for older PDF documents.

This brings a question, whether inclusion of the extension thus breaking the /BaseVersion's requirement or omitting the extension while applying certain customizations from the referenced standards is actually better for interoperability of the PDF document produced with a lower version?

Not applying the standards at all, such as ETSI EN 319 142-1, is practically impossible for creation of valid PAdES LTV signatures.

Therefore, what would be the best way to proceed with the aforementioned /Extensions dictionaries? Maybe the ISO 32000-1/-2 does not define what it intends to?

Additional context The initial question about the /Extensions dictionary was brought at EU eSig DSS JIRA (see DSS-2392).