RE: Alternatives for Long Term Archiving
Tobias:
You have the summary correct.
If a party wants to store a document in its system at a single point, why do
we need timestamps at all, and furthermore, why do we need to refresh them?
I thought their purpose was to provide protection against a rogue TAA.
If we want a single party to be in charge, we can just store the data. No crypto
is needed.
-----Original Message-----
From: Tobias Gondrom [mailto:tobias.gondrom@xxxxxxx]
Sent: Thursday, April 01, 2004 12:48 PM
To: 'Santosh Chokhani'
Cc: ietf-ltans@xxxxxxx
Subject: RE: Alternatives for Long Term Archiving
Santosh,
It's a bit hard for me to understand all the benefits from the n-of-m-split
and why to use it.
If you don't mind I try to bring up what I took from the discussion so far
and you correct my misunderstanding:
1. n-of-m-split is not instead of ERS data structures - it is in addition?
   (what I take from your mail to Antje)
2. n-of-m-split shall provide the security that the data is unchanged based
   on the idea that it is not possible to tamper all the TAA where the data
   is stored - or at least not the majority?
3. n-of-m split has in mind some kind of High availability and redundancy
   (like RAID systems?) using a highly distributed infrastructure - some kind
   of P2P network???
Some thoughts about that from my point of view:
From the business perspective I clearly doubt that any company - and
probably not even a private person - would love to risk its documents on an
infrastructure not fully under its control or that not at least can't be
held fully reliable for the storage of the document.
Of course within companies and institutions the distribution and redundancy
of data is clearly wanted and today already done (e.g. RAID systems etc.) -
so the risk to lose a document is something that the solutions already
available today can handle quite well. (just talk with some storage vendors
- like I had to do during the last months - and you will find that they are
doing quite a good job at that.)
Probably I missed something important, so please help me a little bit to
understand.
Tobias
Chair of LTANS
> -----Original Message-----
> From: Santosh Chokhani [mailto:chokhani@xxxxxxxxxxxx]
> Sent: Thursday, April 01, 2004 17:47
> To: ietf-ltans@xxxxxxx
> Subject: RE: Alternatives for Long Term Archiving
>
>
>
> Ulrich:
>
> To solve the problem, if the person who feels that the
> evidence may be needed (e.g., the client) can obtain a time
> stamp, get all appropriate trust anchors, certificates,
> revocation information attached, split n of m and submit to
> the archives. Then, when the evidence needs to be
> reconstructed, n TAAs can supply their shares to construct
> the original with all the signatures and time stamps.
>
> Why would that not be simple or meet the German Law?
>
> -----Original Message-----
> From: owner-ietf-ltans@xxxxxxxxxxxx
> [mailto:owner-ietf-ltans@xxxxxxxxxxxx]
> On Behalf Of Ulrich Pordesch
> Sent: Thursday, April 01, 2004 9:29 AM
> To: ietf-ltans@xxxxxxx
> Subject: AW: Alternatives for Long Term Archiving
>
>
>
> Santosh:
>
> Getting a proof of existence of data at a certain time in the
> past using (sequences/chains of) time-stamps is an essential
> part of the service and the reason why we required this as
> "must requirement" in requirements draft. Getting trust
> relating to time of existence by statements of a new kind of
> trusted authorities (TAAs) is a completely other kind of
> trust. This solution is not sufficient to conserve value of
> evidence of signed documents in court, because there is no
> law (in Germany but also anywhere else, as I know), which
> recognizes trusted archives like regulated/trusted time-stamp
> authorities. I think we will never get such law, because
> complex archive systems can not be evaluated to the same
> degree as simple time-stamping-machines. Statements of TAAs,
> provided by protocol, may be an additional useful feature,
> if there are users who need it.
>
>
> Ulrich
>
>
> -----Original Message-----
> From: owner-ietf-ltans@xxxxxxxxxxxx
> [mailto:owner-ietf-ltans@xxxxxxxxxxxx] On Behalf Of Santosh Chokhani
> Sent: Thursday, April 1, 2004 15:32
> To: ietf-ltans@xxxxxxx
> Subject: RE: Alternatives for Long Term Archiving
>
>
>
> Brian:
>
> I do not think trusted archive requires providing date and
> time service.
>
> If the trusted archive requirement is to attest to the date
> of any document, then each TAA may put a date time stamp or
> get date-time stamp from an authority and add proper trust
> anchors, certificates and revocation information.
>
> n of m only helps with integrity, availability, and provides
> protection against perceived collusion threat.
>
> -----Original Message-----
> From: Brian Hunter [mailto:brian.hunter@xxxxxxxxxxxxxxxxx]
> Sent: Wednesday, March 31, 2004 6:41 AM
> To: Larry Masinter
> Cc: ietf-ltans@xxxxxxx; chokhani@xxxxxxxxxxxx
> Subject: Re: Alternatives for Long Term Archiving
>
>
> Larry or Santosh,
>
> Could someone tell me how the n of m scheme replaces the need of an
> (accredited) time-stamping or time-marking service, when the date of
> document existence must be proved? Is it assumed that each TAA simply
> states (and signs) when the document existed and when n TAAs state the
> same date, this date is correct and trustworthy?
>
> Regards,
> Brian
>
>
>
>
>
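
An added illustration, not part of the thread: the n-of-m split discussed above, sketched with Shamir's secret sharing over GF(257). The thread names no particular scheme, so the scheme, the function names and the SHA-256 digest held by the client are all assumptions. It shows that any n shares rebuild the evidence package and that a share altered by one TAA is caught by the digest check.

```python
import hashlib
import secrets

P = 257  # smallest prime above 255, so every byte value is a field element

def split(data, n, m):
    """Split data into m shares (one per TAA); any n of them rebuild it."""
    shares = {x: [] for x in range(1, m + 1)}
    for byte in data:
        # Fresh random polynomial of degree n-1 with the byte as constant term.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(n - 1)]
        for x in shares:
            shares[x].append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    return shares

def combine(subset):
    """Lagrange-interpolate each position at x = 0 from the supplied shares."""
    xs = list(subset)
    weights = []
    for xj in xs:
        num = den = 1
        for xk in xs:
            if xk != xj:
                num = num * -xk % P
                den = den * (xj - xk) % P
        weights.append(num * pow(den, -1, P) % P)
    length = len(subset[xs[0]])
    return [sum(w * subset[x][i] for w, x in zip(weights, xs)) % P
            for i in range(length)]

def recover(subset, digest):
    """Rebuild the evidence; return None if it does not match the digest."""
    values = combine(subset)
    if max(values) > 255:  # 256 is a field element but not a byte: corrupted
        return None
    data = bytes(values)
    return data if hashlib.sha256(data).hexdigest() == digest else None

def demo():
    # Constructed sample standing in for document + time stamp + certificates.
    evidence = b"signed document | time stamp | trust anchors | CRLs"
    digest = hashlib.sha256(evidence).hexdigest()  # assumed kept by the client
    shares = split(evidence, n=3, m=5)
    good = recover({x: shares[x] for x in (1, 3, 5)}, digest)
    tampered = {x: list(shares[x]) for x in (1, 2, 3)}
    tampered[2][0] = (tampered[2][0] + 1) % P  # one TAA alters its share
    return good == evidence, recover(tampered, digest)

if __name__ == "__main__":
    print(demo())
```

The split itself carries no notion of time: the date of existence still comes from the time stamp placed inside the evidence before splitting.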