[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cautionary Period
Hi Russ, hi Denis, hi Everyone,
> I encourage everyone to read DPV and DPD requirements document, and post
> their view on this subject. I believe that the document expresses Denis'
> view on the issue. My view is that cautionary period is a not a
> requirement for DPV or DPD. However, cautionary periods might be used as
> part of an application-specific risk mitigation mechanism when trying to
> determine the validity of a particular signature. For example, waiting for
> cautionary period before considering a signature to be valid on a
> high-value electronic contract may be prudent. Therefore, cautionary
> periods might be supported in DSV (delegated signature validation).
In order to observe the cautionary-period-delay at application level
the execution environment must be current-time-aware.
DPV target execution environments are assumed to be constrained, at
least by a processing and/or communication point of view.
Constrained execution environments, such as telephones and PDA,
are not necessarily current-time-aware (or have time-sources not
necessarily trusted).
Delegating a path validation to a TTP allows execution environments
to be unaware of the current-time.
So, IMHO, cautionary periods should be a requirement for DPV.
alfonso