
Re: The need for two grades of time data.



I believe that what Todd is trying to say is that the question isn't,
"What time is it?" but rather "What time is it, and who says so, and
why should anyone believe them?"

If I have correctly understood his position, I think he has an 
excellent point.

I think I have told this story before, but when I was a kid in 
Cheyenne, there was a jewelry store that had a very fancy 
nautical chronometer displayed in their window, and many 
people in town used it to set their watches.

One day, the jeweler observed an executive of the Union Pacific 
Railroad setting his watch, and they got to talking about time.  The 
executive said rather proudly that he set his watch according to the 
jeweler's chronometer every day, and then adjusted their railroad 
clock accordingly, including the clock that blew the noon whistle.
The jeweler blanched, and said, "But I set my chronometer according 
to your whistle!"

It isn't necessary to get involved in all of the intricacies of various
legal systems, and what constitutes acceptable evidence, to realize that,
like all weights and measures, the standards must eventually be
shown to be traceable back to an agreed-upon source.

If absolute time is important, then the traceability of that time back to 
an agreed-upon reference is important.  One way to beat a speeding
ticket is to challenge the calibration of the radar gun and/or the 
speedometer of the cop car, and the same principle will apply here.

(Whether absolute time ought to be all that important is a different matter,
but if it is, the same chain of custody issues should apply as apply to
a certificate chain.)

Bob



>>> Stephen Kent <kent@bbn.com> 09/13/00 09:09AM >>>
Todd,

>Thanks for responding Steve, but again the real issue with this 
>concept of evidentiary time is in treating the parametric time data 
>as content rather than control process elements. Once you do that it 
>gets to be obvious that you need an auth/certification stream and 
>chain-of-custody model for that time data to meet these evidentiary 
>needs.
>
>So I have to ask - "What is the problem with treating time and 
>perhaps other parametric data like location data, as though it had 
>the same risks with it that the Human or Entity Identity issues that 
>spawned PKIX in the first place? because it does?"
>
>We seem to as a group have restricted our relating to time and other 
>parametric evidentiary processes as though they were only part of 
>the plumbing and it just ain't so.
>
>Any of the data points that are used inside the decision support 
>process protocols that we are building (OCSP, TSP, etc etc etc) are 
>all tied to the requirement of some evidentiary anchor - Someone or 
>something has to sign that top level cert, some key generator has to 
>pump out that key pairing, and that data has been sanctified by PKIX 
>to date as it rightly should, but the use of traditional Control 
>Data points as parts of the larger evidentiary or decision support 
>process warrants that that data have the same integrity as any other.

I sometimes have trouble parsing your text; this is one of those 
times. There must be a clearer way to communicate what you're trying 
to state. Please try again.

Steve