
Re: Discussion of notareqs document




Paul-André,


Unfortunately, we have quite opposite personal views.

Denis

-- Denis Pinkas -- said, on 28/10/2004 15:39:


Paul-André,


(text deleted)

This is another proof of the sound approach of LTANS which links "data certs" and "secure archived". Any "data cert" must not only be signed, but a detailed log entry must be archived in a secure way (non rewritable medium, hash linking). This mandatory combination was a major rationale of the openevidence project (the technical solution by then was a combination of TSP RFC3061, DVCS RFC3029 and hash-linking)


There is no such mandatory combination for LTANS: data needs to be signed (and time-stamped) by the archive service, but the log is not intended to be used as an evidence.

I am exactly suggesting that it be.


We are preparing a requirements document and not some "a posteriori" rationale for a given protocol or service. My strong suggestion, based on several years' activities for several customers, is indeed that the "certified archival" of "detailed and signed" log is a "must" for a large majority of actual applications and use cases.

What the most "educated" or aware customers do require is a complete set of "evidence management" services. (What they call in France "Gestion de la Preuve" or "Administration de la Preuve"; what they will be able to exhibit in order to dissuade "others" to initiate a litigation, or whenever unsuccessful, what they will be able to exhibit as evidence elements in a court).

My personal view of the whole justification of LTANS context is, as I am convinced that this type of requirements will be generalized, that the IETF succeeds in proposing and establishing standards that will enable:

   1. technical interop between business partners
   2. technical interop between solution providers
   3. the judges and their expert to master the e-material (because it
      conforms to standard and because there exist tools enabling to
      manipulate them)
   4. the possibility of mutual recognition within a business community

And I have no longer any doubt that "certified archived logs" (more or less equivalent of the certified archival of requests and receipts) will be one of, if not, the most useful component.


Denis