OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [ebxml-msg] Investigation Required: Trusted Timestamp

Add to the mix the OASIS Digital Signature Services TC, which has as
part of its charter:

  "[T]he TC will develop an XML-based protocol to produce cryptographic
  time stamps that can be used for determing whether or not a signature
  was created within the associated key's validity period or before
  revocation. This is required as part of the signature verification
  algorithm."

Such a protocol is outside our scope, but presumably they have defined
a signed timestamp element that could be inserted into a message.

Does ebMS have a delegate to the Security Joint Committee?  We might
poll them to get opinions on this.

--Pete

Thus spoke Dale Moberg (dmoberg@cyclonecommerce.com) on Thu, May 20, 2004 at 09:00:17AM -0700:
> I have looked at Internet X.509 Public Key Infrastructure Time-Stamp
> Protocol (TSP)
> http://www.ietf.org/rfc/rfc3161.txt
> 
> But I haven't seen anyone saying how or whether SOAP based
> communications makes use of
> (or more likely reinvents) the above service.
> 
> WSS does have a time stamp element, but I don't think it is geared to
> provide independent assurance that data existed before a given time like
> RFC 3161 does.
> 
> Should we reference RFC 3161? Maybe ask WSS TC if they plan on taking
> this topic up sometime? 
> Anyway I don't think there is any standard that has a lot of traction
> yet. Google showed that
> there could be some products out there that provide RFC 3161 support.
> 
> 
> -----Original Message-----
> From: Matthew MacKenzie [mailto:mattm@adobe.com] 
> Sent: Thursday, May 20, 2004 6:04 AM
> To: ebxml-msg@lists.oasis-open.org
> Subject: [ebxml-msg] Investigation Required: Trusted Timestamp
> 
> 
> 2.0 says: 
> 
> 
> "At the time of this specification, services offering trusted timestamp
> capabilities are becoming available. Once these become more widely
> available, and a standard has been defined for their use and expression,
> these standards, technologies and services will be evaluated and
> considered for use in later versions of this specification." 
> 
> 
> 3.0 should say: 
> 
> ? 

-- 
Pete Wenzel <pete@seebeyond.com>
Senior Architect, SeeBeyond
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]