RE: [dss] Timestamping

["Dimitri Andivahis" <dimitri@surety.com>]

Karel,

> -----Original Message-----
> From: Karel Wouters [mailto:Karel.Wouters@esat.kuleuven.ac.be]
> Sent: Wednesday, April 02, 2003 7:30 AM
> To: Dimitri Andivahis
> Cc: dss@lists.oasis-open.org
> Subject: RE: [dss] Timestamping
> 
> 
> Dimitri,
> 
> thanks for the clear text. Something like this should be included in the
> ISO document itself. (atmof, why didn't you include it ?)
> 
> I have some remarks/questions:
> You say:
> > In all linking schemes, simple or accumulated, if the verification
> > result code is success, the timestamp is proved to
> > have participated in the linking operation of the TSA
> > at the time value included in the token itself.
> 
> doesn't this ignore the more powerful functionality of linking schemes?
> What you define here is linking schemes with absolute temporal
> authentication.
> Some authors of linking schemes have an entirely different approach:
> linking schemes are to be used for _relative_ temporal authentication,
> meaning that you can only compare two time-stamps. Moreover, absolute time
> indications can be inaccurate. A TSA could, for example, stop issuing
> time-stamps for an hour, and then continue with time-stamps backdated by
> an hour.
> 
> Just wondering, because some of those schemes (Lipmaa, Buldas et al. )
> also fit into the ISO 18014-3 FCD.

I think my statement was correct in the context of ISO/IEC 18014-3.
It was also addressing Robert's remark in an earlier message 
(http://lists.oasis-open.org/archives/dss/200303/msg00021.html)
that "[the] linking methods, by themselves will only tell 
a relying party that a timestamp was issued in the time between 
the issuance of two other timestamps."  

This in no way precludes us from using linking schemes as defined
in ISO/IEC 18014-3 to prove relative temporal authentication for
timestamp tokens issued by the same TSA or cooperating TSAs, 
including in the case of the linking schemes proposed by 
Lipmaa, Buldas et al.  This is indeed a powerful functionality 
of the linking schemes, and it allows relying parties 
to make strong assertions about the relative temporal ordering 
of the tokens even in a case where the TSA's time keeping may be 
deemed unreliable.

> 
> Also, what about the patents by Surety on these schemes?
> (or: what are the "openly specified, reasonable, non-discriminatory
> terms." of Surety about this?)
> 
> Karel.
> 

As I posted in an earlier message, Surety will submit a letter
to OASIS stating that it will offer reasonable, non-discriminating, 
worldwide licensing terms for the patents it controls.  I don't have 
any additional information at this point.

Dimitri