RE: New test TSA available
> Hi tho,
>
> > ----------
> > From: tho[SMTP:tho@xxxxxxxxxx]
> > Sent: Tuesday, September 04, 2001 4:26 AM
> > To: ietf-pkix@xxxxxxx
> > Subject: Re: New test TSA available
> >
> > hi todd,
> >
> > todd glassey wrote:
> > > 1) In the existing RFC, the data about how the time data was obtained
> > > and how it was managed so that in the future someone can look at TST's from
> > > any number of sources and compare their validity or deviation from the
> > > proscribed time source. This also means an audit model around the time base
> > > itself. And it implies that the operator knows how to manage UTC in relation
> > > to its soft value.
> > >
> > > 2) A declaratory payload - something that can be used to indicate the
> > > intent of the executor of the TST itself. That way going forward in the
> > > future the Courts would not have to interpret that. And maybe other payload
> > > types. Like the BERT Token for instance.
> >
> > i think that these two points should be a matter of policy (and corresponding
> > practice statement) for which we have a pointer inside the TSTInfo
>
> Absolutely.
>
> As far as I can tell, we all understand and agree on this point, except for
> Todd.
>
> [Todd: if you think that these points of yours were being marginalized all
> this time, this may be why. You were either alone or in the extreme
> minority in voicing them, and in IETF "rough consensus" is the only thing
> that leads to any progress at all, so the "rough consensus" opinion is what
> shows up in the RFCs...]
>
> Carlisle.
>
You are right Carlisle - they were marginalized. But the reason that anyone
possibly could marginalize what I was saying was
'cause they refused to state how the Protocol was to
be used. What you and the rest of the Authors did was
to create a protocol for verifying signatures in time
and declared that to be "the Time Stamping protocol"
and that is just plain wrong.
What you should have done is said "we are creating a
protocol to memorialize events in time and to make them
comparable to each other thus." And then with that
simple statement a set of uses could have been built for
the tokens and their creation. Instead what you have
done is built the plumbing for the movement of the
time without qualifying the time so that the content
is essentially anonymous in nature.
If any of you authors had built a real world use model
for this boat-anchor you would have come to the
conclusions I and the other auditors, pki designers,
time keepers, and security specialists who looked at
the protocol did. And that is that the protocol is of
limited if any real-world use since already existing
methods do the same things and are already legally
accepted by Courts on a global basis.
Thus the TSP and its TST's are an overhead not a blessing
of testimonial value.
Sorry -
Todd