Re: LAST CALL:draft-ietf-pkix-time-stamp-05.txt

[Paul Koning <pkoning@xxxxxxxxx>]

>>>>> "Joerg" == Joerg Seidel <seidel@timeproof.de> writes:

 Joerg> "Linn, John" schrieb:
 >> I don't think that a confidentiality-protected channel to the TSA
 >> solves the issue I was envisioning.  I expect that some uses of
 >> timestamps will require that their recipients present or post them
 >> (selectively or generally) for examination after they're obtained,
 >> and that such timestamps could potentially be correlated by third
 >> parties.  I might be interested, e.g., to observe a timestamp
 >> obtained by someone else with a hash which matches that of a
 >> confidential document of mine.
 Joerg> I don't think that this really matters in pratical life, since
 Joerg> a timestamp without the corresponding document wouldn't proof
 Joerg> anything. I can not imagine an application which makes it
 Joerg> necessary to send a timestamp without the document.

I suppose it isn't entirely obvious what sort of hazards are created
by the scenarion John mentioned.  On the other hand, it is clear that
what John described is accurate: if you have two timestamps with the
same imprint, the conclusion that they are for the same document
follows automatically.

Consider the analogy of ECB encryption -- this is considered unwise
because of the property that the occurrence of the same cipher block
means the same plaintext was encrypted.  Does that matter?  Often, it
doesn't.  Sometimes it might.  Since it's trivially avoided (by using
any other mode), ECB is considered a thing to avoid.

While one might argue about the importance of adding the note John
asked for, is there harm in adding it?  Does it mislead?  I don't see
that it does.  It provides information that may only matter to a very
few, but since it does, let's add it.

	paul