[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Untrusting a Trusted Third Party: TSA.

To: ietf-pkix@xxxxxxx
Subject: Untrusting a Trusted Third Party: TSA.
From: Alfonso De Gregorio <agregorio@xxxxxxx>
Date: Thu, 13 Sep 2001 14:30:01 +0200
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: agregorio@xxxxxxx
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: mymua

Hi Everyone,

The following consideration is quite obvious; however, it's intriguing
to see how the TSP allows a user to perform a simple test against a
TSA that he doesn't trust anymore.

Assume a user is afraid that a TSA is issuing time-stamp tokens while
not in synchronization with UTC; after all if a TSA use a trustworthy 
source of time and include a trustworthy time value for each time-stamp 
token is not necessarily ensuring that the clock doesn't drift outside
the declared accuracy (this is addressed in ETSI - STF 178-T1 draft H).

The test 
The ordering of time-stamp tokens issued by different TSAs is only
possible when the _absolute value_ (*) of the difference between the
genTime of the first time-stamp token and the genTime of the second
time-stamp token is greater than the sum of the accuracies of the
genTime for each time-stamp token.

*) partially contrarywise to what is asserted in section 2.4.2 of rfc3161.

TSA-1: the tsa not trusted anymore by alice 
TSA-2..TSA-3: tsa still trusted by alice

1. Alice send a TimeStampReq to TSA-1 (TSA1Req) where 
   TimeStampReq.messageImprint is simply an hash of a document kept
   secret (Alice_doc);
2. Upon receiving the response (TSA1Response), Alice hash the received 
   time-stamp token ( hash(TSA1Response) ) and send as quickly as possible
   a time-stamp request to TSA2 (TSA2Req), where 
   TimeStampReq.messageImprint is hash(TSA1Response);
3. if the absolute value of the difference of the first time-stamp token 
   and the genTime of the second time-stamp token ( abs(x) ) is greater 
   than the sum of the accuracies of the genTime for each time-stamp 
   token, Alice can order the two tokens; but for a positive value of
   the difference we have a consistent chain of time-stamp 
   request/response, and for a negative a contradictory result.

  x = TSA2Response.genTime - TSA1Response.genTime;
  while abs( x ) > (TSA2Response.accuracy + TSA1Response.accuracy)
	if  x > 0 --> TSA2Resoponse follows TSA1Response
	if  x < 0 --> TSA2Response is _antecedents_ to TSA1Response 
                      
   Alice can prove the opposite showing the chained sequence of time-stamp 
   requests:
	a. Alice_doc
	b. TSA1Response.TSTInfo.messageImprint = hash(Alice_doc)
	c. TSA2Response.TSTInfo.messageImprint(hash(TSA1Response))


Sincerely,
alfonso

Follow-Ups:
- Re: Untrusting a Trusted Third Party: TSA.
  - From: todd glassey
- Re: Untrusting a Trusted Third Party: TSA.
  - From: todd glassey

Prev by Date: Clarification request on RFC 2560
Next by Date: Comments on RFC3161
Previous by thread: Clarification request on RFC 2560
Next by thread: Re: Untrusting a Trusted Third Party: TSA.
Index(es):
- Date
- Thread