
RE: LAST CALL:draft-ietf-pkix-time-stamp-05.txt



>>>>> "Linn," == Linn, John <jlinn@rsasecurity.com> writes:

 Linn,> I don't think that a confidentiality-protected channel to the
 Linn,> TSA solves the issue I was envisioning.  I expect that some
 Linn,> uses of timestamps will require that their recipients present
 Linn,> or post them (selectively or generally) for examination after
 Linn,> they're obtained, and that such timestamps could potentially
 Linn,> be correlated by third parties.  I might be interested, e.g.,
 Linn,> to observe a timestamp obtained by someone else with a hash
 Linn,> which matches that of a confidential document of mine. I'm not
 Linn,> committed to proposing a particular mechanism; I suggest,
 Linn,> however, slightly adapting text above into an advisory note
 Linn,> for Security Considerations: "If different entities obtain
 Linn,> timestamps on the same data object using the same hash
 Linn,> algorithm, or a single entity obtains multiple timestamps on
 Linn,> the same object, the generated timestamp tokens will include
 Linn,> identical message imprints; as a result, an observer with
 Linn,> access to those timestamp tokens could infer that the
 Linn,> timestamps may refer to the same underlying data."

I support John's reasoning.  The proposed note sounds good.  (I'd
suggest dropping "may" from the last line, since the hash is supposed
to have low probability of collisions.)

	paul
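
Added illustration, not part of the original message or of the draft: a simplified Python model of the correlation the proposed note describes, plus the document owner's check from John's example. The token is a plain dict, not the draft's ASN.1 encoding; the `serial` and `holder` fields, the function names and all sample data are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def make_token(serial, holder, hash_alg, data):
    """Simplified stand-in for a timestamp token (assumption: only these fields)."""
    return {
        "serial": serial,        # unique per token (constructed)
        "holder": holder,        # who later posted the token (constructed label)
        "hash_alg": hash_alg,    # hash algorithm named in the message imprint
        "imprint": hashlib.new(hash_alg, data).hexdigest(),
    }

def correlate(tokens):
    """Observer's view: group tokens by (hash algorithm, imprint).

    Returns only the groups holding more than one token, i.e. tokens that
    an observer can infer refer to the same underlying data.
    """
    groups = defaultdict(list)
    for t in tokens:
        groups[(t["hash_alg"], t["imprint"])].append(t["serial"])
    return {key: serials for key, serials in groups.items() if len(serials) > 1}

def tokens_matching(tokens, my_document, hash_algs=("sha256", "sha512")):
    """Owner's check: serials of posted tokens whose imprint matches my document."""
    mine = {(a, hashlib.new(a, my_document).hexdigest()) for a in hash_algs}
    return [t["serial"] for t in tokens if (t["hash_alg"], t["imprint"]) in mine]

# Constructed sample data: three tokens over one document, one over another.
CONFIDENTIAL = b"constructed confidential document body"
OTHER = b"constructed unrelated document"
TOKENS = [
    make_token(1, "alice", "sha256", CONFIDENTIAL),
    make_token(2, "bob", "sha256", CONFIDENTIAL),    # same data, same algorithm
    make_token(3, "alice", "sha512", CONFIDENTIAL),  # same data, other algorithm
    make_token(4, "carol", "sha256", OTHER),
]

if __name__ == "__main__":
    # Tokens 1 and 2 share an imprint; token 3 does not, because the
    # algorithm differs, so only an owner holding the data can link it.
    for (alg, imprint), serials in correlate(TOKENS).items():
        print(alg, imprint[:16], "-> tokens", serials)
    print("tokens over my document:", tokens_matching(TOKENS, CONFIDENTIAL))
```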