[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

R: Comments on draft-ietf-pkix-time-stamp-00.txt

To: "'Paul Hoffman / IMC'" <phoffman@xxxxxxx>
Subject: R: Comments on draft-ietf-pkix-time-stamp-00.txt
From: Santoni Adriano <santoni@xxxxxx>
Date: Wed, 16 Dec 1998 09:00:00 +0100
Cc: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
Sender: owner-ietf-pkix@xxxxxxx

I completely agree with you.
  Adriano
__________________________________________
Ing. Adriano Santoni
Direzione Rete - Servizio Progettazione Rete Logica
Società Interbancaria per l'Automazione - SIA S.p.A.
Viale Certosa, 218 - I-20156 Milano

Vox: +39 02 3005 277
Fax: +39 02 38003333
Plain email: santoni@sia.it
S/MIME email: asantoni@sia.it
Website: http://www.sia.it



> -----Messaggio originale-----
> Da:	Paul Hoffman / IMC [SMTP:phoffman@imc.org]
> Inviato:	martedì 15 dicembre 1998 19.14
> A:	ietf-pkix@imc.org
> Oggetto:	Comments on draft-ietf-pkix-time-stamp-00.txt
> 
> A few things from my latest reading of this draft:
> 
> 1) In 2.4, I think the TSTInfo ASN.1 is wrong. I believe that all of the
> optional items should be tagged. With your current definition, if the
> nonce
> and messageImprint are omitted in the response, the receiver doesn't know
> if the next integer is the nonce or the serialNumber.
> 
> 2) In 3.2, I do not like using port 309 for this. In the IANA registry,
> that port is listed as:
> entrusttime     309/tcp    EntrustTime    
> entrusttime     309/udp    EntrustTime    
> #                          Peter Whittaker <pww@entrust.com>
> That is inappropriate for a standards-track document. I think you should
> change the port registration.
> 
> 3) In 3.3, "application/timestamp" is not registered with IANA. I believe
> you should add the registration request in the draft.
> 
> 4) In A, you need to fully specify the OID. Also, appendices don't have
> their own references; those should go in the main reference section. Also,
> according to RSA, PKCS-9 is *not* referencable, because they are free to
> add and delete items in it at any time. I suggest that you pick an OID in
> some other tree.
> 
> 5) In C, the security considerations and references need to be moved up to
> the main document. 
> 
> 6) In D, I think this is too vague. For example, "Stock market
> information"
> doesn't explain which data is used to get unpredictable results. The
> combination of "the value of such-and-such index" and "at the close of
> such-and-such day" might be used, but just "information" isn't enough. The
> same is true for the other things in your list. My guess is that you
> should
> just remove this and let it be specified by the particular TDA.
> 
> --Paul Hoffman, Director
> --Internet Mail Consortium

Prev by Date: FYI: ABA ISC Meeting Notice
Next by Date: Re: Invalidity Dates
Previous by thread: FYI: ABA ISC Meeting Notice
Next by thread: Re: On Hold
Index(es):
- Date
- Thread