draft-ietf-ltans-reqs-02.txt: comments

[<ulrich.pordesch@xxxxxxxxxxxxxxxxx>]

Tobias

At the moment I can not answer to all the comments from Denis in detail, as
the comments are submitted quite shortly and although vehemently argued, but
unfortunately in many cases missing arguments why such things are needed and
what the benefit for specific use cases is.

As far as I understand, Denis basically has two concerns most of his
proposed changes are based on:

1. He wants a cryptographically secured proof of origin for the data, that
can be used for an infinite time which user has submitted the data and to
which archive provider the data has been submitted. Such a proof is not
necessary for the named urging practical use cases as the conservation of
evidence (value of proof) of signed documents, but would call for
unnecessarily complex procedures/solutions. For the submitting entity itself
a signed document that confirms that he has submitted the data is not usable
for the long term, as the value of proof of such a signature will also loose
its value because of the known and discussed reasons.
Possibly some particular use cases exist, which require to be able to proof
to a third party that data is from a specific person, as e.g. specific
notary services for intellectual property or copy right questions. But those
should be treated and solved separately.

2. Denis is introducing the term "Maintenance Policy", that should become a
part of the Archive Policy. This term for a concept that has already been
mentioned in the paper is ok, but I think the definition of parameters, the
intermixture with Signature Policies and other proposals are problematic and
should be discussed in detail. The requirements paper is not the right place
to discuss this topic in detail. We can incorporate this term and some
ideas, but should leave the specification of the details to a separate paper
especially dedicated to this question.