multiple time-stamp tokens and untrusting certain users
Hi Everyone,
What about adding to a future update of RFC 3161 examples of how
a TSA user can produce multiple time-stamp tokens of the same
message imprint?
Similarly to what is described in draft-ietf-smime-esformats-04.txt,
time-stamps can (obviously) be requested independently
from multiple TSAs. Additionally, it would be nice to have
an example of chained time-stamp requests/responses.
h = hash(doc);
TSA1TimeStampReq.messageImprint = h;
h2 = hash(TSA1ResponseToken);
TSA2TimeStampReq.messageImprint = h2;
TSA2ResponseToken.TSTInfo.messageImprint = h2;
...
TSAnResponseToken.TSTInfo.messageImprint = hn;
- Untrusting the relation between a specific user (e.g. TSA developer,
administrator, owner) and a TSA.
This expedient can be helpful in proving the absence of collusion
between a user and a particular TSA, assuming that the same user
cannot collude with an arbitrarily long series of TSAs.
A user, in fact, can collude with a TSA to have a false genTime applied
to the time-stamp request. This mechanism prevents the generation
of successive or antecedent time-stamps for selected users.
(In my opinion, future documents should also address the issues
regarding certain potential TTP users and the associated TTPs.
Can you trust a notary that claims to be the author of a document
and that wants to give proof of his authorship through a deed signed
by himself? :-) )
Regards,
alfonso
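
The chained scheme sketched in the message above, as an added example that is not part of the original post: each token's messageImprint is the hash of the previous token, and a verifier checks the linkage, the genTime ordering, and which genTime it can rely on given the TSAs it trusts. Assumptions: JSON objects and an HMAC stand in for DER-encoded TSTInfo and the TSA's CMS signature, and all function names and keys are hypothetical.

```python
import hashlib, hmac, json

# Constructed stand-in keys; a real TSA signs TSTInfo in CMS SignedData with its certificate.
TSA_KEYS = {"TSA1": b"constructed-key-1", "TSA2": b"constructed-key-2"}

def encode(obj):
    return json.dumps(obj, sort_keys=True).encode()

def sign(info):
    return hmac.new(TSA_KEYS[info["tsa"]], encode(info), hashlib.sha256).hexdigest()

def issue_token(tsa, imprint, gen_time):
    """Simulated time-stamp response: TSTInfo plus an HMAC standing in for the signature."""
    info = {"tsa": tsa, "messageImprint": imprint, "genTime": gen_time}
    return {"TSTInfo": info, "sig": sign(info)}

def token_hash(token):
    return hashlib.sha256(encode(token)).hexdigest()

def build_chain(doc, schedule):
    """schedule is [(tsa, genTime), ...]; each request imprints the previous token."""
    imprint, chain = hashlib.sha256(doc).hexdigest(), []
    for tsa, gen_time in schedule:
        chain.append(issue_token(tsa, imprint, gen_time))
        imprint = token_hash(chain[-1])
    return chain

def verify_chain(doc, chain):
    """Check each signature, the imprint linkage and genTime ordering.
    genTime values are fixed-format UTC strings, so string comparison orders them."""
    expected, prev_time = hashlib.sha256(doc).hexdigest(), None
    for i, tok in enumerate(chain, 1):
        info = tok["TSTInfo"]
        if not hmac.compare_digest(sign(info), tok["sig"]):
            return False, f"token {i}: bad signature"
        if info["messageImprint"] != expected:
            return False, f"token {i}: imprint does not match previous link"
        if prev_time is not None and info["genTime"] < prev_time:
            return False, f"token {i}: genTime precedes token {i - 1}"
        expected, prev_time = token_hash(tok), info["genTime"]
    return True, "ok"

def proven_by(chain, trusted):
    """Earliest genTime asserted by a TSA the verifier trusts, or None."""
    times = [t["TSTInfo"]["genTime"] for t in chain if t["TSTInfo"]["tsa"] in trusted]
    return min(times) if times else None
```

A verifier that does not trust TSA1 calls `proven_by(chain, {"TSA2"})` and relies only on TSA2's genTime; a TSA1 token reissued after TSA2 has stamped it no longer matches TSA2's messageImprint.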