[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Time Stamp: tsa field in TSTInfo

To: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Subject: Re: Time Stamp: tsa field in TSTInfo
From: Denis Pinkas <Denis.Pinkas@xxxxxxxx>
Date: Thu, 08 Apr 1999 12:16:54 +0200
Cc: ietf-pkix@xxxxxxx, jluis@xxxxxxx, robert.zuccherato@xxxxxxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Organization: Bull
References: <>
Sender: owner-ietf-pkix@xxxxxxx

Peter,

I concur with your proposal, ie. use an signed (also called "authenticated")
attribute from ESS that indicates the certificate used by the TSA and suppress the
name of the TSA from the signed structure. This "useful" attribute is indeed in
ESS, not CMS - where it should have been. :-(

Since the verifier will need anyway to get that certificate to verify the
signature, then, at that time, it will get the name of the TSA.

Regards,

Denis


> >
> > Actually, I believe that when using CMS only the content (in this case
> > TSTInfo) is signed along with any authenticated attributes.  Thus, the
> > distinguishing information for the TSA would not be signed if it was not
> > included within the TSTInfo structure.
> If the TST provider want to surely indicate its identity, one
> can use an ess signing certificate attribute.
>
> This seems preferable to me (if the tendancy is avoid to reinvent things).
>
> The ess stuff was probably not avaiable at the time when
> the tst draft was written for the first time.
>
>
> >
> >       Robert.
> >
> > > ----------
> > > From:       Juan Luis López[SMTP:jluis@fnmt.es]
> > > Sent:       Wednesday, April 07, 1999 5:25 AM
> > > To:         pkix
> > > Subject:    Time Stamp: tsa field in TSTInfo
> > >
> > >     Hi everybody!
> > >
> > >     I am involved in a Time Stamping project and we are analysing the PKIX
> > > draft about this subject.
> > >
> > >     I would like to give my opinion on an issue to the list:
> > >     It seems not appropriate to include a field in TSTInfo structure
> > > related to the tsa identity, i.e. tsa field. I don't find this field
> > > necessary because it is repeated when using a CMS or PKCS#7 envelope to
> > > encapsulate the token information. This information would be redundant
> > > since an identifier distinguishing the given tsa should be present in the
> > > signerInfo structure.
> > >
> > >     So, I recommend the deletion of this field.
> > >
> > >     Regards,
> > >    Juan Luis López
> > >
> > >
> > >
> > > --------------------------------------------------------------------------
> > > -----------
> > > Juan Luis López                                              <
> > > jluis@fnmt.es>
> > > Project Engineer
> > > http://www.fnmt.es/pkits
> > > Fábrica Nacional de Moneda y Timbre             tel: [+34] 91 506 48 40
> > > C/ Juan de Mariana, 17                                  fax: [+34] 91 506
> > > 48 51
> > > E-28045 Madrid, SPAIN
> > >
> >

References:
- RE: Time Stamp: tsa field in TSTInfo
  - From: Peter Sylvester

Prev by Date: Re: Time Stamping: comments on nonce field
Next by Date: RE: Time Stamp: tsa field in TSTInfo
Previous by thread: RE: Time Stamp: tsa field in TSTInfo
Next by thread: RE: Time Stamp: tsa field in TSTInfo
Index(es):
- Date
- Thread