OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Timestamping

Karel;

> It is true that linked timestamps can carry a time value, but I'm not
> sure that the timestamp checking algo requires the inspection of that
> time value. For the Surety timestamps, I guess the time value is
> essential and the linking is (only) used to make sure that the TSA
> doesn't cheat. 

Yes, but in order to verify the linking the client must obtain the linking
verification information from the TSA.  This information must be protected
for authenticity and integrity.  In most environments this will require
verification of a signature.  Thus, in order to verify the time value, a
signature will normally need to be verified.  

Of course, we should probably wait until Dimitri posts the details of how
his proposed scheme will work, in practice, before making any judgements.

> Moreover, although Sign(hash, time) without linking seems 
> more simple, it
> has some problems:
> - The TSA can back-date any signature/document.

True.  But our assumption is that the TSA is a Trusted Third Party.  Like
any Trusted Third Party there are things that we implicitly trust it to do.
For a TSA, trusting it to include the correct time is not overly burdensome.
Similarly, we trust CAs to not issue bogus certificates.

> - Suppose the signature algo of the signature and the 
> timestamp are the
>   same (eg RSA). If the algo is broken, the timestamp is also broken.

True.  However in practice an algorithm like RSA is unlikely to fall
completely in one instant.  It is likely that key sizes will gradually
increase.  Thus, it would be prudent to use a TSA that has a substantially
larger key size than was used to create the original signature.

> - What happens if the TSA's keys are compromised?

Then the TSA's certificate would get revoked and its signatures would not
verify.  This is why a TSA must implement security precautions similar to
that of a CA.

> - What happens if the TSA stops it's business and I need my 
> signature to
>   be valid for another 30 years? (XAdES)

The TSAs Practice Statement would have to deal with how it would wind up its
business.  I would assume that it would securely destroy its private key and
thus there would be no need to necessarily revoke it's certificate.  Its
tokens could be verified for the validity period of the certificate.  

I would add however that most of the above concerns also apply to the
various linking protocols.  These protocols rely on substantial distribution
of the linking/verification information to authenticate the tokens.  In
practice however a client will not check authentic back issues of the New
York Times to obtain these values, but will obtain them from some sort of
authenticated repository (possibly operated by the TSA).  Thus, there is
still reliance on digital signature techniques to verify the token.

	Robert.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]