Question on Time Stamp Protocols
Hi,
I have a very basic question about PKIX Part V Time Stamp Protocols:
Why must the data to be time-stamped have the form
    MessageImprint ::= SEQUENCE {
        hashAlgorithm   AlgorithmIdentifier,
        hashedMessage   OCTET STRING }
What is the benefit that an AlgorithmIdentifier must be specified and the
data must be hashed?
MessageImprint could have the form: MessageImprint ::= OCTET STRING
In this case, the requesting entity is responsible for the data it transmits.
The data contained in the OCTET STRING may be the hash of something, or
the signature of something, or something which was not modified by a
hash function.
The Time Stamping authority may refuse data which are too big or not, and
would not have to decide whether or not the given hash algorithm is
"sufficient"!
How can the Time Stamping authority check (in the current version)
that the hash data were produced by the requesting entity using the specified
algorithm (and not using another algorithm than the one specified)?
Maybe I did not understand a "basic" of the whole and all the remarks I made are
not correct! If it is so, excuse me! If not, please help me to understand!
Thanks in advance
Olivier
+-----------------------------------------------------------+
| Olivier Onimus |
| Danet GmbH, Business Unit Telecommunications Technology |
| Gutenbergstrasse 10, D-64331 Weiterstadt, Germany |
| Tel: +49-6151-868-127 |
| Fax: +49-6151-868-264 |
| e-mail: onimus@danet.de |
+-----------------------------------------------------------+
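
Added example, not part of the original message: a sketch of what a time-stamping authority can check from a DER-encoded MessageImprint alone, namely that the declared algorithm is one it accepts and that hashedMessage has that algorithm's output length. The ACCEPTED policy table, the function names and the sample inputs are assumptions made for illustration.

```python
import hashlib

# Assumed TSA policy for this example: accepted digest OIDs -> output length in bytes.
ACCEPTED = {"2.16.840.1.101.3.4.2.1": 32,   # SHA-256
            "2.16.840.1.101.3.4.2.3": 64}   # SHA-512
SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER encoding of the SHA-256 OID
SHA1_OID = bytes.fromhex("06052b0e03021a")            # DER encoding of the SHA-1 OID

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn the content bytes of an OBJECT IDENTIFIER into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def build_imprint(oid_der, digest):
    """Encode a MessageImprint (short-form lengths only, enough for these samples)."""
    alg = b"\x30" + bytes([len(oid_der) + 2]) + oid_der + b"\x05\x00"
    body = alg + b"\x04" + bytes([len(digest)]) + digest
    return b"\x30" + bytes([len(body)]) + body

def imprint_for(data):
    """Requester side: hash the data with SHA-256 and wrap it in a MessageImprint."""
    return build_imprint(SHA256_OID, hashlib.sha256(data).digest())

def check_imprint(der):
    """TSA side: return (accepted, detail) using only what the request contains."""
    tag, seq, end = read_tlv(der, 0)
    atag, alg, pos = read_tlv(seq, 0)
    otag, oid_body, _ = read_tlv(alg, 0)
    dtag, digest, dend = read_tlv(seq, pos)
    if (tag, atag, otag, dtag) != (0x30, 0x30, 0x06, 0x04) or end != len(der) or dend != len(seq):
        return False, "malformed MessageImprint"
    oid = decode_oid(oid_body)
    if oid not in ACCEPTED:
        return False, "hash algorithm not accepted"
    if len(digest) != ACCEPTED[oid]:
        return False, "length does not match algorithm"
    return True, oid
```

Any 32 bytes labelled as SHA-256 pass check_imprint, because the authority never sees the original data and so cannot recompute the hash.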