Carl Wallace wrote:
OK, I agree. Since our data structures allow this anyway, we will recommend for an easy policy handling that a policy should also contain the evaluations of all algorithms which are no longer valid. But it's up to the publisher to decide to do so.

<snip>

- The assumption in Section 3.2 that one must find an old policy in order to determine if an algorithm was valid at a point in the past is too complicated. Suitability definitions should accumulate in a single policy definition. An enterprise could maintain several policies. For example, one complete, one current and one past policy could be maintained.

In our notion, the policies are published by specific institutions (e.g. annually) and one policy represents the evaluations based on current knowledge (e.g. on current findings, RSA with 1024 bit key length could be valid until end of 2007, but next year a new policy could be published which states that RSA 1024 is valid until end of 2008). To expect that a policy also contains all past evaluations of an algorithm could be error-prone. In our opinion, the question of whether the evaluation of an algorithm in an old policy is different from that in the current policy is primarily important in law cases. And there you cannot trust that the current policy correctly quotes past evaluations; instead you will have to look in the old policy.

I wasn't suggesting that a policy contain all past evaluations. I was suggesting that the current policy would contain the current position with regard to an algorithm's life span, even if the algorithm is no longer viable, and that's the only thing that matters. I don't see the value in referring to an old policy since the position on an algorithm can change over time. Using your example, in my opinion, the only thing that matters to the verifier is what the current position is with regard to an algorithm. The fact that an algorithm's expected life span at the time a signature was generated was thought to be shorter than it turned out to be isn't important.
But nevertheless, in our opinion there is at least one case for consulting old policies: Assume the current (2007) policy states that RSA 1024 is valid until end of 2008. Because of this policy, an archive service today doesn't renew signatures created with RSA 1024. Next year (2008), a new policy will be published which retroactively repositions the validity of RSA 1024: The new policy states that RSA 1024 has only been valid until mid of 2007. That means, in 2007 RSA 1024 signatures could have been forged and therefore the archive service should have done the renewal already in 2007. Now in 2008 the archive service must attest that he acted correctly and that he fulfilled his duty to take care although he has not timely renewed the RSA 1024 signatures. And therefore he needs the old (2007) policy which says that according to the knowledge at that time, the algorithm was valid and he acted correctly. He cannot use the current (2008) policy because this policy states that the algorithm has only been valid until mid 2007.
Regards Thomas
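Added example, not part of the original message or of any draft's code: a small Python model of the two questions discussed above, the verifier's view (current policy only) and the archive's audit view (policy in force on the day of the decision). The `Policy` class, the function names, the publication dates, the decision date and the reading of "mid 2007" as 30 June 2007 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:
    published: date
    valid_until: dict  # algorithm name -> last day considered suitable

# Constructed sample data following the RSA 1024 scenario in the message.
POLICIES = [
    Policy(date(2007, 1, 1), {"RSA-1024": date(2008, 12, 31)}),  # 2007 policy
    Policy(date(2008, 1, 1), {"RSA-1024": date(2007, 6, 30)}),   # 2008 policy, retroactive
]

def policy_in_force(policies, when):
    """Return the most recently published policy as of `when`."""
    known = [p for p in policies if p.published <= when]
    if not known:
        raise LookupError(f"no policy published on or before {when}")
    return max(known, key=lambda p: p.published)

def suitable(policy, algorithm, at):
    """Was `algorithm` suitable on `at` per `policy`? Unlisted algorithms fail closed."""
    end = policy.valid_until.get(algorithm)
    return end is not None and at <= end

def verifier_view(policies, algorithm, at, today):
    """Verifier's question: by today's knowledge, was the algorithm suitable on `at`?"""
    return suitable(policy_in_force(policies, today), algorithm, at)

def audit_view(policies, algorithm, decision_date):
    """Audit question: did the policy known on `decision_date` justify not renewing?"""
    in_force = policy_in_force(policies, decision_date)
    return suitable(in_force, algorithm, decision_date)

if __name__ == "__main__":
    decision = date(2007, 9, 1)   # constructed: day the archive chose not to renew
    today = date(2008, 3, 1)      # constructed: day of verification or audit
    print("verifier:", verifier_view(POLICIES, "RSA-1024", decision, today))
    print("audit:   ", audit_view(POLICIES, "RSA-1024", decision))
```

The two answers differ for the same date, which is why the archive has to retain the 2007 policy itself rather than rely on what the 2008 policy says about 2007.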