[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: LAST CALL:draft-ietf-pkix-time-stamp-05.txt

To: "'Linn, John'" <jlinn@xxxxxxxxxxxxxxx>, "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
Subject: RE: LAST CALL:draft-ietf-pkix-time-stamp-05.txt
From: Philip Hallam-Baker <pbaker@xxxxxxxxxxxx>
Date: Tue, 1 Feb 2000 07:31:27 -0800

This attack can be corrected by using the 'exposed MAC' I proposed
in the HTTP security working group in '93 (yahh boo sucks to patent
squaters).

Essentially what one does is to use a MAC to digest the document (I
referred to it as a keyed digest in the prior art). Then one publishes
the key to the MAC along with the digest.

The advantage of this particular scheme is that you can use it to 
harden a system against even exhaustive search (brute force) attacks
with a little ingenuity.


		Phill


-----Original Message-----
From: Linn, John [mailto:jlinn@rsasecurity.com]
Sent: Monday, January 31, 2000 4:05 PM
To: 'ietf-pkix@imc.org'
Subject: RE: LAST CALL:draft-ietf-pkix-time-stamp-05.txt


I've a few comments on this specification.

If different entities obtain timestamps on the same data object using
the
same hash algorithm, or a single entity obtains multiple timestamps on
the
same object, the generated timestamp tokens will include identical
message
imprints; as a result, an observer could determine that the timestamps
refer
to the same underlying data.  It might be worth a note in Security
Considerations stating that, in contexts where this potential exposure
is a
concern, some unique value could be generated by the requester and
combined
with a data object before hashing the combination in order to produce
MessageImprint's hashedMessage. 

The second paragraph of Sec. 2.2 bears a number of SHALLs for
verification
steps which are to be performed by the requesting entity once the
TimeStampToken is received.  What's the recommended or required action
if
any of these verifications fail? 

In the Accuracy structure, is no more than one of the seconds, millis,
or
micros OPTIONALs to occur, or may more than one of these elements occur
in
combination? 

In References, [ESS] is now RFC-2634.

Editorially, there's an odd character which seems to recur instead of
the
apostrophe in the phrase "TSA's", and in other places where an
apostrophe or
closing single quote is intended; on my display, it appears as a
ligature
"AE".

Other, minor editorial points:

p. 8, 1st line, "may to be used" -> "may be used".

Later on p. 8, "subtracting the accuracy to" -> "subtracting the
accuracy
from". 

Appendix A, 4th line, "allows to know" -> "allows a verifier to know".

--jl

Attachment: smime.p7s
Description: application/pkcs7-signature

Follow-Ups:
- Re: LAST CALL:draft-ietf-pkix-time-stamp-05.txt
  - From: Denis Pinkas

Prev by Date: Unsubscribe cowens@bbn.com
Next by Date: RE: OCSP and CSL
Previous by thread: RE: LAST CALL:draft-ietf-pkix-time-stamp-05.txt
Next by thread: Re: LAST CALL:draft-ietf-pkix-time-stamp-05.txt
Index(es):
- Date
- Thread