RE: I-D ACTION:draft-ietf-pkix-time-stamp-08.txt. HASH

["Manger, James H" <James.H.Manger@xxxxxxxxxxxxxxxx>]

Denis

Paul Koning provided sensible arguments for removing the unnecessary checks
by the TSA on the messageImprint field.  Michael Zolotarev agreed, as did
Terry Hayes.  No one disagreed.  However, the latest timestamp draft does
not reflect this agreement.  Why not?

If more voices are needed I add my agreement.

If details of specific text changes are required here goes (apply to draft
09):

1. In section 2.1. "Requirements of the TSA", delete item 7 ("to examine the
OID of the one-way..") and renumber the subsequent items.

2. In section 2.1. "Requirements of the TSA", delete the bracketed text in
item 8, i.e. the text that refers to item 7.

3. In section 2.4.1 "Request Format", page 4, delete the following sentence:
	"Its length MUST match the length of the hash value for that
algorithm (e.g. 20 bytes for SHA-1 or 16 bytes for MD5)"

4. In section 2.4.1 "Request Format", page 5, delete the following
paragraph:
	"The hash algorithm indicated in the hashAlgorithm field MUST be a
known hash algorithm (one-way and collision resistant)."

5. In section 2.4.2 "Response Format", page 8, delete the following text:
	", provided that the size of the hash value matches the expected
size of the hash algorithm identified in hashAlgorithm"



P.S. The changes do not prevent a TSA rejecting a timestamp request if it
knows the hash algorithm is bad.