Re: RFC3161(TSP): doubts about whole thing...

[Jean-Marc Desperrier <jmdesp@xxxxxxx>]

todd glassey wrote:

> - PLEASE BE VERY SPECIFIC -
Why should I ?
You are asking me to oppose RFC3161 token with DB Time Data blob which I 
never intended to do.

DB Time Data blob have their use and will never be replaced by RFC3161 
tokens in most contexts.
If the way you generate your DB time stamp offers enough garanty for you 
needs, then it can not be beaten.

The only think a RFC3161 token adds to a time data is a signature, and 
the real interest of that signature is to get an independent third party 
involved.
Only some specific application will really need to get a third party 
involved.
The second advantage is off-line checking.

If you'd restrict yourself to the cases where you can contact the third 
party on-line for checking, you could do only with records and no signature.
But it's very convenient to be able to check off-line.
If you are such a professional third party, you will like that most of 
the checking is done off-line, without being overloaded by the load of 
all the people constantly checking the data (this load has a cost, it 
might be a very high one).
For this kind of use, the overload of the 3161 token is not very 
significant, but the added convenience is.