
RE: [draft-ietf-ltans-reqs-03.txt] Questions & Remarks



Thank you for the answer.
Comments below.

Loïc 

 



> In an in-house environment LTA is a service for an application system.
> E.g. in-house environment is a hospital, LTA is document management or
> archive system and application system is a medical system used for
> generation of medical documents and signing them by doctors.
> In this case only evidence records are needed to verify that archived
> documents existed at a certain point in the past - e.g. before signature
> and hash algorithms used in it got weak or certificates in it were revoked.
> Acknowledgement is useful to have an indication that storing was accepted
> and successful. But no proof for document delivery is needed, therefore no
> signed acknowledgements are needed.

[LH] So, there is a case where signed notification is not needed. But if there is some use case where it is, shouldn't it be considered?


>
> If archive service is an external one by a service provider, proof of
> delivery using a signed acknowledgement might be helpful. Problem is that
> signed acknowledgement is valid only a relatively short time. It will lose
> its value of evidence over long periods of time (up to 10 or more years),
> because hash and signature algorithms in it will get weak and certificates
> expire. Archive service provider possibly could therefore repudiate this
> acknowledgement after let's say 20 or 30 years if he wants to.
> Sending signed acknowledgement to another service provider who has to
> archive it would lead us to recursive and in effect very complex solutions.

[LH] Can't we imagine a TAA sending a signed notification each time the preceding one becomes invalid? I see the TAA as a trusted authority, so I can believe that it must send me a notification when new ones are needed.


> Therefore we prefer other strategies like protocols and external audits of
> archive service providers to avoid successful repudiation of delivery.

[LH] Not sure that I understand your words. "Avoid successful repudiation of delivery" means "avoid successful repudiation of reception"? What we need, I think, is to be sure that the data sent are well archived. Am I wrong?

 
> Last but not least it would not be acceptable for users that he must store
> signed acknowledgements for every (maybe little) document he delivered to an
> archive service provider. If he wants to avoid storing documents by using
> an archive provider and has to store signed acknowledgements - where is the
> benefit?

[LH] With the idea of sending a signed notification when needed, the user (of the TAA) only gets one thing from the TAA, as with the acknowledgement.

> Storing a little index like a hash value or an integer should be sufficient
> to retrieve archived documents.

[LH] Couldn't that little index or hash value be in the signed notification?
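
The renewal idea discussed in this message (a fresh signed notification before the previous one loses its value, carrying the document hash as the "little index") can be sketched as follows. This is an added example, not part of the original message or of the LTANS draft; `notify` and `verify_chain` are hypothetical names, and HMAC with constructed keys stands in for the TAA's signature.

```python
import hashlib
import hmac
import json

# Constructed keys, one per algorithm generation (HMAC is a stand-in for a TAA signature).
TAA_KEYS = {"sha1": b"constructed-key-old", "sha256": b"constructed-key-new"}

def _canon(obj):
    """Deterministic byte encoding of a notification."""
    return json.dumps(obj, sort_keys=True).encode()

def notify(doc, alg, prev=None):
    """Issue a notification over the document hash and, if renewing, the previous notification."""
    body = {
        "alg": alg,
        "doc_hash": hashlib.new(alg, doc).hexdigest(),  # the "little index"
        "prev_hash": hashlib.new(alg, _canon(prev)).hexdigest() if prev else None,
    }
    body["sig"] = hmac.new(TAA_KEYS[alg], _canon(body), alg).hexdigest()
    return body

def verify_chain(doc, chain, trusted_algs):
    """Accept only if the newest notification uses a still-trusted algorithm
    and every link matches the document and the notification before it."""
    if not chain or chain[-1]["alg"] not in trusted_algs:
        return False  # newest evidence rests on an algorithm that has aged out
    for i, n in enumerate(chain):
        alg = n["alg"]
        unsigned = {k: v for k, v in n.items() if k != "sig"}
        expected_sig = hmac.new(TAA_KEYS[alg], _canon(unsigned), alg).hexdigest()
        if not hmac.compare_digest(expected_sig, n["sig"]):
            return False
        if n["doc_hash"] != hashlib.new(alg, doc).hexdigest():
            return False
        expected_prev = hashlib.new(alg, _canon(chain[i - 1])).hexdigest() if i else None
        if n["prev_hash"] != expected_prev:
            return False
    return True

# Constructed sample: first notification, then a renewal issued while "sha1" was still trusted.
DOC = b"constructed medical record"
N1 = notify(DOC, "sha1")
N2 = notify(DOC, "sha256", prev=N1)

if __name__ == "__main__":
    print(verify_chain(DOC, [N1], {"sha256"}))      # old notification alone
    print(verify_chain(DOC, [N1, N2], {"sha256"}))  # renewed chain
```

The renewal only helps if it is issued while the older algorithm is still considered sound; once that window closes, the old notification can no longer be trusted as input to a new one.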