
Re: Question about TSP (rfc 3161)




----- Original Message -----
From: "Cristian Marinescu" <cristian.marinescu@xxxxxxxxxx>
To: <libel@xxxxxxxx>
Cc: <ietf-pkix@xxxxxxx>
Sent: Thursday, September 13, 2001 7:27 AM
Subject: RE: Question about TSP (rfc 3161)


>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I agree, there is in practice (at least for the moment,
> when everyone is trying to put a TSA together, more or less
> draft compliant), no reason for having such flags.
>
> But, it is also not stupid.
> Let's imagine that some day the TSP will be really used
> by everyone.  :)


For what purpose??? This is the issue, as it has always been Cristian. What
kind of use model would you have this TSA used for?

Personally I can't think of anything that I would want to use this TSP for.
If I need digital testimony between two or more parties that is keenly
established by some Human's testimony, as is the testimony of this TSA, then
why not cut the overhead of running the TSA out of the picture and just
continue to do things the way they are now. It's much less expensive and has
the exact same legal stature in a court. This is now and has always been the
problem with this TSP.

The real use of a TSP is for the creation of an evidentiary token to
memorialize the receipt of some event that was witnessed by a TTP (The TSA).
The Token is the receipt for the trust process, not the process itself and
so... with that said - Why would I want to use this TSP? What does it do for
me as a technology? It allows me to verify signatures in time... OK but I
can do that inside a PKI enhanced application without the overhead of some
protocol that only creates a postage stamp when what I really want is a
grocery receipt.

This is why the mandating of the inclusion of a Use Model is so critical
since now there is this rush to push this particular protocol into legal
standing as part of the EU's operating policy. Trying to create a necessity
to use a protocol by law is ludicrous and speaks well of everyone involved
eh? - NOT

Again in closing - What use models/process did you have in mind?

Todd Glassey

> Hard to imagine, but let's try.
> This will raise the problem of DOS attack, and some
> people, (as I have done myself) will implement the TSA
> and limit the number of parallel requests (and let's understand
> by this the number of spawned processes, or threads) to a fixed
> number. So they will
> just return an error back. This is actually not a nice thing
> to do. And I presume, people there, writing the draft,
> tried to be nice: well, if I get a request, but,
> I don't have time to give a response right away, because
> I am busy, let's store the request and tell the person to try
> again sometime later.
> Perhaps there is also the possibility
> that your clock is at that moment not available, (I would
> like to believe that there will be TSA's out there that won't read
> the time from the local system, like I do at the moment...) or maybe
> some other resource... how could I know??  :)
> In any case you have to take cautions about the overflooding with
> requests (or even pending requests, that haven't been answered yet)
>
> Well, at least this is the reason I can imagine. Perhaps
> there are also some other (dark!) reasons, but I would like
> to hear/read about them from the TSP gurus. :))
>
> Kindly regards,
> Cristian
>
>
> > -----Original Message-----
> > From: libel@xxxxxxxx [mailto:libel@xxxxxxxx]
> > Sent: Mittwoch, 12. September 2001 10:19
> > To: ietf-pkix@xxxxxxx
> > Subject: Question about TSP (rfc 3161)
> >
> >
> >
> > Hi,
> >
> >
> > I would like to know what are the reasons for introducing the flags
> > "pollReq", "pollResp" and "negPollRep" in the socket based protocol
> > (section 3.3).
> >
> >
> > It would mean that a tsa server can divide the der code he calculated
> > for the response. But why would it do that?
> >
> >
> > Thanks
> >
> >
> > Libel
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.0.2i
>
> iQA/AwUBO6C0P8V5iyNCxCiSEQL9aQCg/DF+dzS6QV+dLFvVV6HTNTF3xvgAoOaZ
> GSkggGhyqVBA6fFIRTnn+4bu
> =FFSm
> -----END PGP SIGNATURE-----
>
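
The behaviour Cristian describes (a fixed number of parallel requests, excess requests stored and the client told to try again later, and the pending store itself bounded) can be sketched over the section 3.3 framing. This is an added example, not code from anyone in the thread: `BoundedTSA`, its limits and the placeholder `sign` are hypothetical, and the flag octets are those of the message table in RFC 3161 section 3.3.

```python
import struct

# Flag octets from the message table in RFC 3161 section 3.3.
TSA_MSG, POLL_REP, POLL_REQ, FINAL_MSG_REP, ERROR_MSG_REP = 0x00, 0x01, 0x02, 0x05, 0x06

def frame(flag, value):
    # length (32 bits) counts the flag octet plus the value octets
    return struct.pack(">IB", len(value) + 1, flag) + value

def unframe(data):
    if len(data) < 5:
        raise ValueError("short frame")
    length, flag = struct.unpack(">IB", data[:5])
    if length != len(data) - 4:
        raise ValueError("length field does not match frame size")
    return flag, data[5:]

class BoundedTSA:
    """Hypothetical TSA front end with fixed worker and pending limits."""
    def __init__(self, max_active, max_pending, retry_seconds=5):
        self.max_active, self.max_pending = max_active, max_pending
        self.retry_seconds = retry_seconds
        self.active = 0        # requests currently being signed
        self.pending = {}      # polling reference -> stored request
        self.next_ref = 1

    def sign(self, request):
        # Placeholder for building the DER time-stamp response (assumption).
        return b"RESP:" + request

    def handle(self, data):
        flag, value = unframe(data)
        busy = self.active >= self.max_active
        if flag == TSA_MSG:
            if not busy:
                return frame(FINAL_MSG_REP, self.sign(value))
            if len(self.pending) >= self.max_pending:
                # The pending store is bounded too, so it cannot be flooded.
                return frame(ERROR_MSG_REP, b"server busy")
            ref, self.next_ref = self.next_ref, self.next_ref + 1
            self.pending[ref] = value
            # pollRep value: polling reference, time-to-check-back (32 bits each)
            return frame(POLL_REP, struct.pack(">II", ref, self.retry_seconds))
        if flag == POLL_REQ and len(value) == 4:
            (ref,) = struct.unpack(">I", value)
            if ref not in self.pending:
                return frame(ERROR_MSG_REP, b"unknown polling reference")
            if busy:  # this sketch's own choice of answer while still busy
                return frame(ERROR_MSG_REP, b"not ready, poll again later")
            return frame(FINAL_MSG_REP, self.sign(self.pending.pop(ref)))
        return frame(ERROR_MSG_REP, b"unexpected message")
```
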