
Subject: RE: EPM (was RE: [dss] freezing doc, and next steps)


Please refer to my responses to Trevor's questions below, marked with <UPU>

-----Original Message-----
From: Trevor Perrin [mailto:trevp@trevp.net]
Sent: Sunday, June 01, 2003 10:13 PM
To: Gray Steve; dss@lists.oasis-open.org
Subject: EPM (was RE: [dss] freezing doc, and next steps)


At 02:00 PM 5/30/2003 -0400, Robert Zuccherato wrote:

>I have just posted to the TC website two documents from Steve Gray relating
>to the USPS EPM.  I would encourage TC members to take a look at these as we
>will discuss the EPM at the meeting on Monday.
>
>The EPM Project Overview Powerpoint presentation is available at:
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/2345/EPM%20Project%20Overview%20May%202003%20V3Short.ppt
>
>What is the Electronic Postmark Word document is available at:
>http://www.oasis-open.org/apps/org/workgroup/dss/download.php/2346/What%20is%20the%20Electronic%20PostMark%20V4.doc


These docs give a high-level overview, and the schema gives low-level 
details.  I'm still having trouble figuring out the middle level, of how 
the various operations fit together into usage scenarios, and what sort of 
key distribution and trust relationships are assumed.

Here's what it seems like the primary use scenario is:
  - signer has cert, keypair
  - signer signs document with keypair
  - signer sends pkcs7 signature to EPM (using "Verify" / "ApplyPostmark")
  - EPM time-stamps (aka "post-marks") the signature, and returns it
  - EPM also retains the signature
  - Later on, the recipient receives the document
  - The recipient sends pkcs7 signature to EPM (using "CheckIntegrity")

<UPU> "Verify" would be more appropriate in this scenario </UPU>

  - EPM compare pkcs7 with what it stored in its "non-repudiation log"

There's also an "external Sign" where the EPM signs using a service-held 
keypair (and perhaps post-marks), replacing the first few steps.  Also 
there's the ability to use XML-DSIG instead of PKCS7.

Questions:
  - does the recipient have to contact the same EPM service the signer did?
<UPU>
No, the recipient (in Brazil) can contact the Brazilian EPM, even though
the Canadian contacted the Canadian EPM.
</UPU>

  - If so, and the EPM has to log everything, and compare against this log, 
why doesn't it just store the hash, what's the point of using public-key 
signatures?

<UPU>
I assume you are asking this question in the context of the CheckIntegrity.
This context is too narrow and cannot be used to generalize. The
CheckIntegrity operation was introduced to support Web-based form signing
under the scenario where the subscribing application is serving the page to
be signed to the client browser and the verification is going off to the EPM
for verification. The application can subsequently reassure itself that the
data that it presented for signing was indeed what was actually signed by
calling the EPM with a CheckIntegrity passing in the original data.
Secondly, and more importantly, there exists no legally binding precedent
for the validity of digital hashes; there is for digital signatures.
</UPU>

  - does the "Verify" operation actually verify the signer's signature?

<UPU> Yes, the EPM Verifies whatever was passed in on the PKCS7Data request
element, usually the signer's signature. </UPU>

  - does the recipient ever call "Verify"? 

<UPU>
Yes, this is the norm in the document signing, sending, and verifying model
you described above.
</UPU>

 If so, what's the difference 
between that and "CheckIntegrity"?

<UPU>
See explanation of CheckIntegrity in the Web form signing scenario described
in my response above.
</UPU>

  - what kind of CAs and PKI are assumed? 

<UPU>
Technically, there are no assumptions outside of X.509v3 certs. Numerous CRL
and CRL/DP approaches are supported.
A chain of trust is assumed between senders and receivers. In the Postal
deployment scenario, Postal CAs use the same, subordinate, or cross-certify
to a Common Global Trust Model (CP and CPS) maintained by the UPU.
</UPU>

 Can the signer use his current 
Verisign cert, or does he need a special EPM cert?

<UPU>
Chain of trust must be established. Again, in the Postal deployment
scenario, this is assured. Certificate Subscribers will need to be
authenticated via In Person proofing. It may be possible that a Post in a
given country chooses to allow Verisign to provide the CA services.
</UPU>

  - will there be one EPM service per country or per smaller/larger 
regions?  

<UPU>
Both of these scenarios are possible.
</UPU>

Will they be operated by the posts, or could a 
company/organization host its own?  

<UPU>
They would have to be doing so under the authority and auspices of a Post,
for example, as per the current arrangement between USPS and AuthentiDate.
</UPU>

What sort of trust relationships do 
different EPM services have with each other?

<UPU>
The chain of trust is established more around the postally operated,
outsourced or shared CA. The EPMs are pointed at the appropriate CA
infrastructure based on the deployment model chosen by the hosting Post.
</UPU>


Trevor 
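An added example, not the EPM implementation nor any USPS/UPU or AuthentiDate code: a toy model of the flow Trevor lists above and of the Verify / ApplyPostmark / CheckIntegrity distinction the replies draw, in which the EPM retains every postmarked signature in its non-repudiation log and CheckIntegrity confirms that the data presented was what was actually signed. The signer's PKCS#7 signature is replaced by a keyed MAC and the X.509 chain of trust by a table of trusted signer keys; both are constructed assumptions for the sake of a stand-alone script.

```python
import hashlib
import hmac
import json
import time

# Constructed stand-in for the signer's PKCS#7 signature: a keyed MAC over the
# document hash. A real EPM verifies an X.509-backed public-key signature instead.
def sign(signer_key: bytes, document: bytes) -> dict:
    digest = hashlib.sha256(document).hexdigest()
    sig = hmac.new(signer_key, digest.encode(), hashlib.sha256).hexdigest()
    return {"digest": digest, "sig": sig}


class EPM:
    """Toy model of the operations discussed in the thread, not the USPS/UPU code."""

    def __init__(self, epm_key: bytes, trusted_signers: dict):
        self.epm_key = epm_key
        self.trusted = trusted_signers  # stands in for the PKI chain of trust
        self.log = {}                   # the "non-repudiation log", keyed by signature

    def verify(self, signer_id: str, signature: dict) -> bool:
        """Verify: check the signer's signature against a trusted signer key."""
        key = self.trusted.get(signer_id)
        if key is None:
            return False  # no chain of trust to this signer
        expected = hmac.new(key, signature["digest"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signature["sig"])

    def apply_postmark(self, signer_id: str, signature: dict, now=None) -> dict:
        """ApplyPostmark: verify, time-stamp, retain in the log, return the record."""
        if not self.verify(signer_id, signature):
            raise ValueError("signature does not verify; nothing postmarked")
        record = {"signer": signer_id, "digest": signature["digest"],
                  "sig": signature["sig"], "time": now or int(time.time())}
        body = json.dumps(record, sort_keys=True).encode()
        record["postmark"] = hmac.new(self.epm_key, body, hashlib.sha256).hexdigest()
        self.log[signature["sig"]] = dict(record)
        return record

    def check_integrity(self, document: bytes, postmarked: dict) -> bool:
        """CheckIntegrity: the presented data must hash to what the EPM logged
        as signed, and the record must match the one the EPM retained."""
        logged = self.log.get(postmarked.get("sig"))
        if logged is None or logged != postmarked:
            return False  # not a record this EPM postmarked and retained
        return hmac.compare_digest(hashlib.sha256(document).hexdigest(), logged["digest"])
```

Note that CheckIntegrity alone says nothing about who signed; that is what Verify establishes, which is why the web-form application in the reply above uses CheckIntegrity only to confirm that the served data is the signed data.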
