Re: Cautionary Period



Alfonso:

> > I encourage everyone to read DPV and DPD requirements document, and post
> > their view on this subject.  I believe that the document expresses Denis'
> > view on the issue.  My view is that cautionary period is not a
> > requirement for DPV or DPD.  However, cautionary periods might be used as
> > part of an application-specific risk mitigation mechanism when trying to
> > determine the validity of a particular signature.  For example, waiting for
> > cautionary period before considering a signature to be valid on a
> > high-value electronic contract may be prudent.  Therefore, cautionary
> > periods might be supported in DSV (delegated signature validation).
>
> In order to observe the cautionary-period delay at application level
> the execution environment must be current-time-aware.
> DPV target execution environments are assumed to be constrained, at
> least from a processing and/or communication point of view.
> Constrained execution environments, such as telephones and PDAs,
> are not necessarily current-time-aware (or have time sources that are not
> necessarily trusted).
> Delegating a path validation to a TTP allows execution environments
> to be unaware of the current time.
> So, IMHO, cautionary periods should be a requirement for DPV.

There are many application contexts where the concept of a cautionary 
period is irrelevant.  For example: TLS.  The client will either accept the 
server's certificate for establishment of the TLS-protected session, or it 
will reject it.

So, when does it matter?  Non-repudiation of a high-value transaction.  In 
such a context, it is very important to know when a transaction takes 
place.  The PKIX working group has done a lot of work on TSP to fill this 
requirement.

Let's assume that the constrained client wants to validate such a 
transaction.  The TSP timestamp provides the date/time of interest.  It can 
ask the DPV server if the signer's path was valid at the time that the 
signature was generated.

In my view, the cautionary period only impacts the signature on the 
transaction.  The DPV server does not validate this signature.  Has 
adequate time passed since the signature was applied to ensure that a recent 
compromise of the end-entity private key has been reported?  I submit that 
this is a signature validation question, not a certification path validation 
question.

Russ
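The split Russ describes, worked as an added example that is not code from the thread or from any PKIX specification: the DPV-style question ("was the signer's path valid at the TSP-timestamped signing time, given the revocation data known so far?") is answered separately from the application's decision to wait out a cautionary period before trusting a high-value signature. All certificates, dates and the 24-hour period are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed illustration; the data model is an assumption, not a PKIX structure.
@dataclass
class SignerCert:
    not_before: datetime
    not_after: datetime
    revocation_published: Optional[datetime] = None  # when the CRL entry appeared
    invalidity_date: Optional[datetime] = None       # when the key is believed compromised

def dpv_path_valid_at(cert: SignerCert, t: datetime, as_known_at: datetime) -> bool:
    """Path validation as a DPV server would answer it for time t, using only
    the revocation information that had been published by `as_known_at`."""
    if not (cert.not_before <= t <= cert.not_after):
        return False
    published = cert.revocation_published
    if published is None or published > as_known_at:
        return True                      # no revocation known yet
    return t < (cert.invalidity_date or published)

def validate_signature(cert: SignerCert, signing_time: datetime, now: datetime,
                       cautionary_period: timedelta, high_value: bool) -> str:
    """Application-level (DSV-style) decision.  signing_time comes from the TSP
    timestamp.  Returns 'reject', 'accept' or 'pending' (still waiting)."""
    if not dpv_path_valid_at(cert, signing_time, as_known_at=now):
        return "reject"                  # revocation reported since signing covers it
    if not high_value:
        return "accept"                  # TLS-like contexts: no cautionary period
    if now < signing_time + cautionary_period:
        return "pending"                 # a late compromise report may still arrive
    return "accept"

# Constructed sample data: signature timestamped at SIGNING_TIME, 24h cautionary period.
UTC = timezone.utc
SIGNING_TIME = datetime(2003, 1, 1, 12, 0, tzinfo=UTC)
CAUTIONARY = timedelta(hours=24)
CLEAN_CERT = SignerCert(datetime(2002, 1, 1, tzinfo=UTC), datetime(2004, 1, 1, tzinfo=UTC))
# Key compromised a day before signing, but only reported six hours after signing.
LATE_REPORT_CERT = SignerCert(datetime(2002, 1, 1, tzinfo=UTC), datetime(2004, 1, 1, tzinfo=UTC),
                              revocation_published=SIGNING_TIME + timedelta(hours=6),
                              invalidity_date=SIGNING_TIME - timedelta(days=1))

def scenario(cert: SignerCert, hours_after_signing: int, high_value: bool = True) -> str:
    now = SIGNING_TIME + timedelta(hours=hours_after_signing)
    return validate_signature(cert, SIGNING_TIME, now, CAUTIONARY, high_value)

if __name__ == "__main__":
    for h in (1, 25):
        print(h, scenario(CLEAN_CERT, h), scenario(LATE_REPORT_CERT, h),
              scenario(LATE_REPORT_CERT, h, high_value=False))
```

At one hour the DPV answer for the late-reported compromise is still "valid", so only the cautionary wait keeps the high-value signature from being accepted; at 25 hours the same DPV query rejects it.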