
Re: Encryption and ERS




Which is why it's so important to keep a full chain of custody on all changes to the content. The amount of data being stored is irrelevant to the issue of this technology. A key goal of LTANS should not be constrained by the size or amount of data stored but the integrity of the control process around the data.

That's one of the things I think is not addressed sufficiently to date.

Todd Glassey (as an Auditor).

----- Original Message -----
From: "Aljosa Jerman Blazic" <aljosa@xxxxxxxxx>
To: <ietf-ltans@xxxxxxx>
Sent: Friday, October 19, 2007 7:01 AM
Subject: Encryption and ERS



Hi

I am working on the next version of XMLERS and by studying the last ERS
spec (RFC actually), I stumbled over the encryption part:

"When a relying party uses an evidence record to prove the
     existence of encrypted data objects, it may be desirable for
     clients to only store the unencrypted data objects and to delete
     the encrypted copy.  In order to use the evidence record, it must
     then be possible to unambiguously re-encrypt the unencrypted data
     to get exactly the data that was originally archived.  Therefore,
     additional data necessary to re-encrypt data objects should be
     inserted into the evidence record by the client, i.e., the LTA
     never sees these values."

This approach foresees the inclusion of, correct me if I am wrong, data
necessary to re-encrypt data by a client to validate ERS generated. Now
the question here is, how can such information be trusted from a client?
It somehow breaks the point of ERS. It is true that LTA never sees such
data but this, IMO, does not affect the confidentiality issues and it
does not even make sense, as the crypto material used for encryption is
usually public... Or?

Also, there is a typo on page 19: instead of "ha(1), ha(2), ha(3) are as
defined in step 4 above" it should be "ha(1), ha(2), ha(3) are as
defined in step 3 above"

A.

-------------------
SETCCE
Jamova 39
SI-1000 Ljubljana
Europe
tel: +386 1 4773505
fax: +386 1 4773911
www.setcce.si
-------------------