[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on Requirements Draft
.... Can I have one more go on this: I understand that the requirement is to be able to differentiate time-stamps from other DSS signatures. One mechanism is to make the format different, but other technique, such as having a type identifier makes this much more explicit. (Trevor - see also other minor point below) > > >Section 3.2.2, inclusion of the signing time within a signature is > >discussed. Options here include using a "time mark" signed > attribute or a > >"time stamp" unsigned attribute from a third party. I think we should > >mention somewhere in this document, perhaps just in this section or > >perhaps in a new section on time stamps, that our protocol must also > >support obtain the "time stamp" from the 3rd party. This protocol could > >be used by a client directly to obtain a timestamp on an existing > >signature, or by the DSS to obtain a timestamp on and inclusion in a > >signature that it is creating. On the conference call on Monday we > >discussed possibly supporting time stamps that simply use a time > mark in a > >conventional signature as well as having a separate token syntax > for third > >party tokens. I think that this is probably a good idea and this > >requirement for two different formats should probably be > captured as well. > > I'll put that in, since that seems a good compromise, unless anyone wants > to keep discussing it. A time-stamp can only be the current time. I suggest that calling it a time mark would also cause confusion. A completely different semantics should be given to this time e.g. "Assumed signing time used for verification" (sorry I couldn't think of a snappy name). > > > >In Section 3.7.4 it would probably also be useful for the server > to return > >the time in the past that it used to verify the signature if it was not > >simply verified at the current time. > > So we need two timestamps/marks, in that case? - one for when the > verification was performed, one for what time the server was verifying at? > Nick
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]