RE: Notary services requirements -- directions?

[Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>]

> 
> 
> Personally, I don't think we get into too much trouble
> using the word 'Notary' in the title of the working group
> or even in the title of a document here and there, as long
> as we're clear -- after all, it's a term that's been used
> already in the industry, and we're not particularly offering
> those services for sale, in any case. 
I tend to agree. 

> 
> I think the requirements document might note that the
> term may have restricted use in some legal jurisdictions,
> and I think it is reasonable to add some wording to that effect.

Would someone mind writing down a small paragraph that could
explain the issue, i.e., resume the last exchange of messages,
so we have something to be put into the RFCs but also I can
add this in a kind of disclaimer section in the web server
in order to avoid that in a few months new participants ...

> 
> Are time-stamping services associated with unsigned
> data out of scope, because they're already covered?

- Time stamping of signed data, i.e. digital signature is
  also already covered by existing proposals.

- I think we have several questions to clarify, like

  - what are "our" requirements of the stability of time stamps,
    i.e., currently they are at best the 'lifetime' of a
    hash function.

  - what means does archiving provide (or not), to cover
    long term, e.g., if I just have to archive invoices
    for about three months, i can live withe short term
    time stamping.
  
  (to be a litle bit provocative, current time stamps are not 
  good for long term IMO, since they were never intended as such)
 
> Are combined archive-and-certification services
> (which archive data and also provide for the certification
> of the data archived) out of scope?

- If we make it right, then we have just a combination of
  three quarks: Notarisation (voluntarily written with an s),
  Archiving, and Evidence creation/recording to do this. 
  Or, in other words, it is a particular use case of a
  combination of basic techniques. 

- The role of such a notary can just be "I perform the
  archiving, and certify that the "reference" returned
  from the archive. 
  Whether one consider this minimal notarisation as
  a front end client related service of the archive or
  as an independant service, seems to me an organisational
  matter, or, in other words, it depends on the client needs.

- There may be a lot of cases where the information (the
  references) provided by the archiver does not need to be 
  "secured" at lot when given to the client. That's why I
  think it is important to clearly distinguish between
  (more or less real time) security measures and the payload.

- As far as I have understood from discussions with notaries
  there is some particular kind of archive+notary application
  which is based on the observation that notaries (at least
  in some places) perform some information reduction, for 
  example, a 'signature validation' can be done in such
  a way that the notary collects all the validation data,
  performs the validation, time stamps all that, archives
  them, but just delivers a statement that everything is
  of+the refereces to the archive. in fact, the archived
  data correspond to his activity log. 

  This is somehow the exact opposite operation of what
  is provided by some profile of DVCS or by SCVP, where
  the validation data are returned by a service. Again,
  an information reducing notary would be able to ask
  an information collecting service (+ a validator) to
  provide the information, then all this can be archived,
  and a 'reduced' result produced.

  If one looks at such use cases as molecules, I wonder
  where are our atoms.

Peter