OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Timestamping Profile Q 3/3: Using signatures to authenticate DSS servers

I would expect a client to generally check the signature on a time-stamp
even if accessing via SSL/TLS.

So I prefer the approach taken in RFC3161 with a nonce.

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 12 January 2004 20:42
> To: dss@lists.oasis-open.org
> Subject: [dss] Timestamping Profile Q 3/3: Using signatures to
> authenticate DSS servers
>
>
>
>
> It's possible for the client to authenticate a
> signing/timestamping server
> by verifying the returned signature/timestamp.  This is more
> efficient than
> using a separate signature, or negotiating TLS.  This approach
> does require
> a nonce to be sent by the client, and placed in the returned signature -
> see Tim's point #4:
> http://lists.oasis-open.org/archives/dss/200308/msg00015.html
>
> I think this is how RFC 3161 is usually deployed.  In fact, this approach
> could work with *any* use of the signing protocol, if you add
> nonces to the
> signing requests and returned signatures.  However, the
> efficiency gain has
> some downsides:
>   1) in the case of errors, the server's result codes aren't authenticated
>   2) any unsigned signature attributes or other signature parts (e.g.
> <ds:KeyInfo>) aren't authenticated
>   3) any returned optional outputs aren't authenticated
>   4) compared to, say, TLS, there's less confidentiality
>   5) The client has to know how to verify the returned
> signature/timestamp.  For example, a timestamping server couldn't return
> just any type of <dss:Timestamp>, it would have to return a
> particular type
> that the client knows about.
>
> So should we encourage this optimization?  Discourage it?  Allow
> for it, by
> adding a <Nonce> optional input to the signing protocol?
>
> For now, the timestamping profile says to use
> server-authenticated TLS.  I
> vote against this optimization, because it seems a little dangerous and
> violates the layering which lets the client be indifferent to the
> particular types of signatures and timestamps the server returns.
>
>
> Trevor
>
>
> To unsubscribe from this mailing list (and be removed from the
> roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor
kgroup.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]