Re: LAST CALL:draft-ietf-pkix-time-stamp-05.txt

[Joerg Seidel <seidel@xxxxxxxxxxxx>]

"Linn, John" schrieb:
> I don't think that a confidentiality-protected channel to the TSA solves the
> issue I was envisioning.  I expect that some uses of timestamps will require
> that their recipients present or post them (selectively or generally) for
> examination after they're obtained, and that such timestamps could
> potentially be correlated by third parties.  I might be interested, e.g., to
> observe a timestamp obtained by someone else with a hash which matches that
> of a confidential document of mine.
I don't think that this really matters in pratical life, since a timestamp
without the corresponding document wouldn't proof anything. I can not imagine
an application which makes it necessary to send a timestamp without the
document. But if you are transmitting/publishing the document together with
the timestamp, the third party would be looking for the document not the hash
since it can even recognize it when small changes were made.

> I'm not committed to proposing a
> particular mechanism; I suggest, however, slightly adapting text above into
> an advisory note for Security Considerations: "If different entities obtain
> timestamps on the same data object using the same hash algorithm, or a
> single entity obtains multiple timestamps on the same object, the generated
> timestamp tokens will include identical message imprints; as a result, an
> observer with access to those timestamp tokens could infer that the
> timestamps may refer to the same underlying data."
As stated above I do not believe this to be necessary, but I don't have an
objection either.

Jörg Seidel

-- 
timeproof                               phone  +49-40-76629-1911
Development                             fax    +49-40-76629-551
Harburger Schloßstraße 6-12             mailto:seidel@timeproof.de
D-21079 Hamburg                         http://www.timeproof.de

     + + + timeproof CeBIT 2000 Hall 23 Stand A22/14 + + +