
Re: Cautionary Period



On Tue, Jan 15, 2002 at 06:35:32PM +0100, Denis Pinkas wrote:

I agree with Denis's point of view.
In certain contexts (e.g. data origin authentication with
integrity) some clients would still like to observe a
cautionary period and use DPV.
Performing the cautionary-period observation at server-side
makes life easier for clients and makes the set of target
execution environments larger (since it lets them be unaware
of the current time).
Considering cautionary periods a requirement for DPV does not
necessarily make the protocol more complex. Validation policies MAY
support cautionary periods.

Finally... we should delegate all the validation conditions to
DPV servers as much as possible.

alfonso

> >       You are correct that there are other services than NR for which
> > cautionary period is useful.  However, don't they all involve the
> > validation of signed data (and data to be kept for a considerable time, 
> 
> Is a week-end period a "considerable time"? I do not think so.
> An e-mail sent on the Friday may only be opened on the Monday.
> Applying a cautionary period increases the confidence and reduces the risk.
> 
> > at that)?  If they do, then cautionary period should go into DSV.
> 
> Everybody agrees that a cautionary period certainly applies to DSV.
> 
> However, some thin clients would still like to use DPV to verify digital
> signatures in particular in the context of data origin authentication with
> integrity. I do not think it would be appropriate to say that it is not
> possible and that the cautionary period, when it exists, shall only be
> applied *locally* by the client.
>
> Denis