dss message



Subject: RE: [dss] Comments on Requirements Draft


....

Can I have one more go on this: I understand that the requirement is to be
able to differentiate time-stamps from other DSS signatures.  One mechanism
is to make the format different, but another technique, such as having a type
identifier, makes this much more explicit.


(Trevor - see also other minor point below)

>
> >Section 3.2.2, inclusion of the signing time within a signature is
> >discussed.  Options here include using a "time mark" signed attribute or a
> >"time stamp" unsigned attribute from a third party.  I think we should
> >mention somewhere in this document, perhaps just in this section or
> >perhaps in a new section on time stamps, that our protocol must also
> >support obtaining the "time stamp" from the 3rd party.  This protocol could
> >be used by a client directly to obtain a timestamp on an existing
> >signature, or by the DSS to obtain a timestamp on and inclusion in a
> >signature that it is creating.  On the conference call on Monday we
> >discussed possibly supporting time stamps that simply use a time mark in a
> >conventional signature as well as having a separate token syntax for third
> >party tokens.  I think that this is probably a good idea and this
> >requirement for two different formats should probably be captured as well.
>
> I'll put that in, since that seems a good compromise, unless anyone wants
> to keep discussing it.

A time-stamp can only be the current time.  I suggest that calling it a time
mark would also cause confusion.  A completely different semantics should be
given to this time e.g. "Assumed signing time used for verification" (sorry
I couldn't think of a snappy name).

>
>
> >In Section 3.7.4 it would probably also be useful for the server to return
> >the time in the past that it used to verify the signature if it was not
> >simply verified at the current time.
>
> So we need two timestamps/marks, in that case? - one for when the
> verification was performed, one for what time the server was verifying at?
>

Nick



