|
Hi PKIX-ers,
I have some comments on Time Stamping
protocols regarding "nonce" field:
First of all, the
declaration of this field in the request and token is somehow incoherent, while
the nonce is mandatory in TimeStapReq (it is not declared OPTIONAL), the
TimeStampToken´s nonce is OPTIONAL but it is stated that "...must be
present if the similar field in TimeStampReq is present..." and hence the
clause OPTIONAL is meaningless and confusing for this field shall always be
present. I would suggest this field to be declared OPTIONAL both in the request
and token or better deleted if we take into account the following:
As far as I understand, a nonce value is
present in the request and token in order for the requester to be able to match
the responses from the TSA with her requests when using an asynchronous
transport. It can be argued that such functionality should be left to the
transport layer when required, but furthermore I must say that the nonce is not
necessary since matching can be performed using the "messageImprint"
field.
The only justification at hand to defend
the "nonce" is when asking a TSA "What time it is" (not
including messageImprints field), and in order to defeat replay attacks in this
case... Anyway, this use of a TSA steps aside from "providing a
proof-of-existence for a particular message in an instant in time" and
personally don't like it; I would call that a STS (secure time source) (i.e.:
authenticated NTP) and would not force TS protocols modifications for that
use.
Regards,
Juan. ____________________________________________
Juan González-de-la-Vega Software Engineer E-mail: <jgonzalez@fnmt.es> FNMT - Fábrica Nacional de Moneda y Timbre Phone: +34 (91) 506 48 40. Fax: +34 (91) 506 48 59 |