Subject: RE: EPM (was RE: [dss] freezing doc, and next steps)
Please refer to my responses to Trevor's questions below, marked with <UPU>.

-----Original Message-----
From: Trevor Perrin [mailto:trevp@trevp.net]
Sent: Sunday, June 01, 2003 10:13 PM
To: Gray Steve; dss@lists.oasis-open.org
Subject: EPM (was RE: [dss] freezing doc, and next steps)

At 02:00 PM 5/30/2003 -0400, Robert Zuccherato wrote:
>I have just posted to the TC website two documents from Steve Gray relating
>to the USPS EPM. I would encourage TC members to take a look at these as we
>will discuss the EPM at the meeting on Monday.
>
>The EPM Project Overview Powerpoint presentation is available at:
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/2345/EPM%20Project%20Overview%20May%202003%20V3Short.ppt
>
>What is the Electronic Postmark Word document is available at:
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/2346/What%20is%20the%20Electronic%20PostMark%20V4.doc

These docs give a high-level overview, and the schema gives low-level details. I'm still having trouble figuring out the middle level, of how the various operations fit together into usage scenarios, and what sort of key distribution and trust relationships are assumed.

Here's what it seems like the primary use scenario is:
 - signer has cert, keypair
 - signer signs document with keypair
 - signer sends pkcs7 signature to EPM (using "Verify" / "ApplyPostmark")
 - EPM time-stamps (aka "post-marks") the signature, and returns it
 - EPM also retains the signature
 - Later on, the recipient receives the document
 - The recipient sends pkcs7 signature to EPM (using "CheckIntegrity")
<UPU> "Verify" would be more appropriate in this scenario </UPU>
 - EPM compares pkcs7 with what it stored in its "non-repudiation log"

There's also an "external Sign" where the EPM signs using a service-held keypair (and perhaps post-marks), replacing the first few steps. Also there's the ability to use XML-DSIG instead of PKCS7.

Questions:

 - does the recipient have to contact the same EPM service the signer did?
<UPU> No, the recipient (in Brazil) can contact the Brazilian EPM, even though the Canadian contacted the Canadian EPM </UPU>

 - If so, and the EPM has to log everything, and compare against this log, why doesn't it just store the hash, what's the point of using public-key signatures?
<UPU> I assume you are asking this question in the context of CheckIntegrity. This context is too narrow and cannot be used to generalize. The CheckIntegrity operation was introduced to support Web-based form signing under the scenario where the subscribing application is serving the page to be signed to the client browser and the verification is going off to the EPM for verification. The application can subsequently reassure itself that the data that it presented for signing was indeed what was actually signed by calling the EPM with a CheckIntegrity passing in the original data. Secondly, and more importantly, there exists no legally binding precedent for the validity of digital hashes; there is for digital signatures. </UPU>

 - does the "Verify" operation actually verify the signer's signature?
<UPU> Yes, the EPM verifies whatever was passed in on the PKCS7Data request element, usually the signer's signature. </UPU>

 - does the recipient ever call "Verify"?
<UPU> Yes, this is the norm in the document signing, sending, and verifying model you described above. </UPU>
   If so, what's the difference between that and "CheckIntegrity"?
<UPU> See explanation of CheckIntegrity in the Web form signing scenario described in my response above. </UPU>

 - what kind of CAs and PKI are assumed?
<UPU> Technically, there are no assumptions outside of X.509v3 certs. Numerous CRL and CRL/DP approaches are supported. A chain of trust is assumed between senders and receivers. In the Postal deployment scenario, Postal CAs use the same, are subordinate to, or cross-certify to a Common Global Trust Model (CP and CPS) maintained by the UPU. </UPU>
   Can the signer use his current Verisign cert, or does he need a special EPM cert?
<UPU> Chain of trust must be established. Again, in the Postal deployment scenario, this is assured. Certificate Subscribers will need to be authenticated via In Person proofing. It may be possible that a Post in a given country chooses to allow Verisign to provide the CA services. </UPU>

 - will there be one EPM service per country or per smaller/larger regions?
<UPU> Both of these scenarios are possible. </UPU>
   Will they be operated by the posts, or could a company/organization host its own?
<UPU> They would have to be doing so under the authority and auspices of a Post, for example, as per the current arrangement between USPS and AuthentiDate. </UPU>
   What sort of trust relationships do different EPM services have with each other?
<UPU> The chain of trust is established more around the postally operated, outsourced or shared CA. The EPMs are pointed at the appropriate CA infrastructure based on the deployment model chosen by the hosting Post. </UPU>

Trevor
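The signer / EPM / recipient flow Trevor lays out above, and the Verify-versus-CheckIntegrity distinction in the <UPU> replies, modelled as an added example in Go; this is not EPM code and not from any participant in the thread. It assumes Ed25519 keys in place of X.509 certificates and PKCS#7, and a hypothetical Postmark layout and log structure; the real EPM message formats are not reproduced.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"time"
)

// Postmark: the EPM's timestamped countersignature over one signer signature (hypothetical layout).
type Postmark struct {
	SigHash [32]byte  // SHA-256 of the signer's signature bytes
	Time    time.Time // when the EPM applied the postmark
	EPMSig  []byte    // EPM signature over Time||SigHash
}
// signedInput is the byte string the EPM countersigns: RFC 3339 time, then the signature hash.
func (pm *Postmark) signedInput() []byte {
	return append([]byte(pm.Time.Format(time.RFC3339Nano)), pm.SigHash[:]...)
}
// EPM: one Electronic Postmark service plus its non-repudiation log (signature hash -> data it was verified over).
type EPM struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // published so recipients can check postmarks
	log  map[[32]byte][]byte
}
func NewEPM() *EPM {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &EPM{priv: priv, Pub: pub, log: map[[32]byte][]byte{}}
}
// Verify checks the signer's signature over data; Ed25519 stands in for PKCS#7 plus X.509 chain validation.
func (e *EPM) Verify(pub ed25519.PublicKey, data, sig []byte) bool { return ed25519.Verify(pub, data, sig) }

// ApplyPostmark verifies, timestamps, countersigns and logs the signature; an invalid signature is refused.
func (e *EPM) ApplyPostmark(pub ed25519.PublicKey, data, sig []byte, now time.Time) (*Postmark, bool) {
	if !e.Verify(pub, data, sig) {
		return nil, false
	}
	pm := &Postmark{SigHash: sha256.Sum256(sig), Time: now.UTC()}
	pm.EPMSig = ed25519.Sign(e.priv, pm.signedInput())
	e.log[pm.SigHash] = append([]byte(nil), data...) // retained for later CheckIntegrity calls
	return pm, true
}
// VerifyPostmark checks the EPM's own countersignature, as a recipient would.
func (e *EPM) VerifyPostmark(pm *Postmark) bool { return ed25519.Verify(e.Pub, pm.signedInput(), pm.EPMSig) }
// CheckIntegrity: the subscribing application confirms the data it served for signing is what was actually signed.
func (e *EPM) CheckIntegrity(pm *Postmark, original []byte) bool {
	logged, ok := e.log[pm.SigHash]
	return ok && bytes.Equal(logged, original)
}
```

CheckIntegrity answers only the application's question (was the data I served the data that got signed?), while Verify and VerifyPostmark are what a recipient uses to check the signer's signature and the EPM's time-stamp.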