Re: draft-ietf-ltans-dssc-00 comments
Susanne,

that doesn't make sense from either EU Laws or those of the US as well.

Sorry if this is like a bucket of very cold water in the face, but it's
time to wake up and smell the coffee... Any long term document storage and
management protocol MUST take into account any and all laws which would
constrain the operations and formulation of the proofing models it (said
protocol) produces.

And within that global requirement, all evidence-standards pretty much
require a 'full chain of custody' to be proven and without that, their
content will not be admissible in the US Courts and any Courts the US has
Joint Judicial MRAs with (Mutual Recognition Agreements). As such the
entire chain of custody and each signing and resigning needs to be resolved
and proven or there is an imperfect history for the LTANS protected file.

While this may seem like it's not something that is important, the 'setting
aside of this requirement' will in the US make LTANS unusable since the
Courts won't accept it as a reliable method of storing information. That
means the ETSI TSA recommendation is PROBABLY also in jeopardy since it
clearly violates the intent and scope of those same laws as well...

The funniest part is that this WG wants to take the word (and the consensus)
of technical people who have NO EXPERIENCE in pursuing legal recourse for IP
issues or the complexity and pain of that process, which is typical for the
IETF... "We know everything" & "Our consensus is always right".

The reality here is that without specific and very particular controls and
legal processes LTANS isn't going to get used anywhere because the Audit
Community cannot take the chance that the clients who use LTANS won't be
able to prove anything with it.

Todd Glassey

----- Original Message -----
From: "Susanne Okunick" <susanne.okunick@xxxxxxxxxxxxxxxxx>
To: "Tobias Gondrom" <tgondrom@xxxxxxxxxxxx>
Cc: <ietf-ltans@xxxxxxx>
Sent: Monday, September 10, 2007 6:50 AM
Subject: RE: draft-ietf-ltans-dssc-00 comments

Hello Tobias,

we agree with all of your remarks. Thanx.

We also don't see any complications regarding the legislation (at least
German law requires the renewal of signatures).

We are going to adapt our draft in this way, that a policy should also
contain expired algorithms. So for verification only the current policy
is needed.

Best regards
Thomas and Susanne

Hi Thomas, Susanne, Todd, Carl and all,

Maybe a few thoughts about the discussed items:

Starting with the simple things:
I agree with Carl's assessment that for the verification the critical
information is the policy stating which algorithms had been valid from
date a to date b. Period.

I understand your idea of providing older policies to support the fact
that an archive service did operate correctly, but this is not the main
reason for the policy in the verification process.

The main use for the policy is that any verification party can use it
and check an ERS or other signatures whether any of the used algorithms
had been broken before they were renewed. (this is a precise
mathematical test, and does not automatically imply careless handling of
the archive system).

For the verification party only these hard facts count: Has the signature
been renewed in time or not, defined by the current policy.
(the old policies may indicate a wrong-doing of the archive system or
justify its actions but they must not influence the evaluation of
"valid"/"not-valid".)
(comment: and if it happens that the policy issuing authority
retrospectively shortens the timespan of an algorithm, this will be for
a reason which should not be ignored.)

Concerning the issuing of the policy: I think that to prove its
authenticity and integrity it should be sufficient to sign it (via CMS)
by the authority (e.g. NIST, German Bundesnetzagentur, ...)

I cannot see any real problematic legal inter-country related
implications.
A signature must be valid in the country where it is presented to the
court.
Which includes the renewal done with ERS must be so as well.
In court the judge will call upon the guidance of the country's security
authority (in case of US this would be NIST) to decide whether
algorithms are secure or have been broken and when. If these authorities
publish this statement in the form of a signed policy, this would be a
clear and reliable statement. (today they publish this in unsigned pdf
and on paper)
Ditto in other countries.
(obviously as these judgements of algorithms can vary between countries,
an archiving service would have the duty to watch carefully for
algorithm lifetime announcements the local national bodies corresponding
to its stored documents make)

Best regards, Tobias

--
___________________________________________________________
Dipl.-Math.(FH) Susanne Okunick
Fraunhofer Institute for Secure Information Technology
Department Transaction and Document Security
Rheinstraße 75, 64295 Darmstadt, Germany
phone ++49 / (0)6151 869 60005, fax ++49 / (0)6151 869 322
homepage: http://www.sit.fraunhofer.de
___________________________________________________________
The electronic Signature is certified by the Fraunhofer CA:
http://pki.fraunhofer.de/FhG-CA-Certs/FhG-CA_v2_cert.der
___________________________________________________________
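
The renewal-in-time test discussed in the thread, sketched as an added example that is not part of the original messages or of the draft: a single current policy that still lists expired algorithms is checked against a chain of renewal timestamps. The algorithm names, dates, and the `check_chain` and `secure_on` helpers are constructed for illustration, and verifying the policy's own CMS signature is assumed to have happened already.

```python
from datetime import date

# Constructed "current policy": algorithm -> last day it counts as secure
# (None = no end date announced). Expired algorithms stay listed, so this
# one policy is enough to judge the whole history.
POLICY = {
    "hash-A": date(2005, 12, 31),
    "hash-B": date(2015, 12, 31),
    "hash-C": None,
}

def secure_on(policy, alg, day):
    """True if the policy lists `alg` and `day` is not past its end date."""
    if alg not in policy:
        return False
    end = policy[alg]
    return end is None or day <= end

def check_chain(policy, chain, verify_day):
    """chain: list of (timestamp_day, algorithm), oldest first.
    Returns (ok, reason). Each timestamp must be covered by the next renewal
    (or, for the last one, by verification) while its algorithm was secure."""
    if not chain:
        return False, "empty chain"
    for i, (day, alg) in enumerate(chain):
        if not secure_on(policy, alg, day):
            return False, f"timestamp {i}: {alg} not secure on {day}"
        last = i + 1 == len(chain)
        covered_on = verify_day if last else chain[i + 1][0]
        if covered_on < day:
            return False, f"timestamp {i}: chain not in chronological order"
        if not secure_on(policy, alg, covered_on):
            what = "still relied on at verification" if last else "renewed too late"
            return False, f"timestamp {i}: {alg} {what} ({covered_on})"
    return True, "renewed in time"

# Constructed evidence chains.
IN_TIME = [(date(2003, 5, 1), "hash-A"), (date(2005, 6, 1), "hash-B"),
           (date(2014, 3, 1), "hash-C")]
TOO_LATE = [(date(2003, 5, 1), "hash-A"), (date(2006, 2, 1), "hash-B")]

# The authority retrospectively shortens hash-B's lifetime.
SHORTENED = {**POLICY, "hash-B": date(2013, 12, 31)}
```

With the shortened policy, the chain that previously passed fails at the `hash-B` timestamp, which is the case where a retrospective change by the issuing authority alters the valid/not-valid result.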