RE: Time Stamp: tsa field in TSTInfo
Yes, you're right. But, the only thing that we should take into account is
that the token is actually signed by the tsa. What tsa? The one signing the
token. This information shall be present in the "sid" field of the
SignerInfo structure. Optionally, the tsa certificate(s) could be
incorporated in the SignedData structure. So, why should we use the tsa
field in the TSTInfo structure when CMS Signed Data is used specifically for
the purpose of authenticating the signer? I mean, why are you signing "who
you are" if the signature itself (actually the process of verifying it)
provides that information?
Juan Luis
-------------------------------------------------------------------------------------
Juan Luis López <jluis@fnmt.es>
Project Engineer
http://www.fnmt.es/pkits
Fábrica Nacional de Moneda y Timbre tel: [+34] 91 506 48 40
C/ Juan de Mariana, 17 fax: [+34] 91 506 48 51
E-28045 Madrid, SPAIN
-----Original Message-----
From: Robert Zuccherato <robert.zuccherato@entrust.com>
To: pkix <ietf-pkix@imc.org>; 'Juan Luis López' <jluis@fnmt.es>
Date: Wednesday, April 7, 1999 18:47
Subject: RE: Time Stamp: tsa field in TSTInfo
Actually, I believe that when using CMS only the content (in this case
TSTInfo) is signed along with any authenticated attributes. Thus, the
distinguishing information for the TSA would not be signed if it was not
included within the TSTInfo structure.
Robert.
> ----------
> From: Juan Luis López[SMTP:jluis@fnmt.es]
> Sent: Wednesday, April 07, 1999 5:25 AM
> To: pkix
> Subject: Time Stamp: tsa field in TSTInfo
>
> Hi everybody!
>
> I am involved in a Time Stamping project and we are analysing the PKIX
> draft about this subject.
>
> I would like to give my opinion on an issue to the list:
> It seems not appropriate to include a field in TSTInfo structure
> related to the tsa identity, i.e. tsa field. I don't find this field
> necessary because it is repeated when using a CMS or PKCS#7 envelope to
> encapsulate the token information. This information would be redundant
> since an identifier distinguishing the given tsa should be present in the
> signerInfo structure.
>
> So, I recommend the deletion of this field.
>
> Regards,
> Juan Luis López
>
>
>
> -------------------------------------------------------------------------------
> Juan Luis López <jluis@fnmt.es>
> Project Engineer
> http://www.fnmt.es/pkits
> Fábrica Nacional de Moneda y Timbre tel: [+34] 91 506 48 40
> C/ Juan de Mariana, 17 fax: [+34] 91 506 48 51
> E-28045 Madrid, SPAIN
>
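The point argued in this thread, which bytes a CMS signature covers, can be checked mechanically. The following is an added example, not part of the original messages or of the PKIX draft: it builds simplified, constructed stand-ins for TSTInfo and SignerInfo (the helper names `tlv`, `read_tlv`, `tst_info`, `signer_info` and `signature_input` are hypothetical, and signatureAlgorithm and signature are omitted) and extracts the signature input as CMS defines it when signed attributes are present (RFC 5652, section 5.4).

```python
import hashlib

# DER-encoded OIDs: id-contentType, id-messageDigest, id-ct-TSTInfo, sha256
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")
OID_TST_INFO = bytes.fromhex("060b2a864886f70d0109100104")
OID_SHA256 = bytes.fromhex("0609608648016503040201")

def tlv(tag, body):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV that starts at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def tst_info(tsa_name):
    """Constructed stand-in for TSTInfo (not the real field layout): time + tsa."""
    return tlv(0x30, tlv(0x0C, b"genTime=19990407164700Z") + tlv(0xA0, tlv(0x0C, tsa_name)))

def signer_info(sid_name, content):
    """Simplified SignerInfo: version, sid, digestAlgorithm, signedAttrs [0]."""
    attrs = (
        tlv(0x30, OID_CONTENT_TYPE + tlv(0x31, OID_TST_INFO))
        + tlv(0x30, OID_MESSAGE_DIGEST + tlv(0x31, tlv(0x04, hashlib.sha256(content).digest())))
    )
    sid = tlv(0x30, tlv(0x30, tlv(0x0C, sid_name)) + tlv(0x02, b"\x01"))  # issuer + serial
    return tlv(0x30, tlv(0x02, b"\x01") + sid + tlv(0x30, OID_SHA256) + tlv(0xA0, attrs))

def signature_input(signer_info_der):
    """Bytes the signature is computed over: signedAttrs re-tagged from [0] to SET."""
    _, body, _ = read_tlv(signer_info_der, 0)
    pos = 0
    while pos < len(body):
        tag, field, pos = read_tlv(body, pos)
        if tag == 0xA0:
            return tlv(0x31, field)
    raise ValueError("no signedAttrs present")
```

Two SignerInfo values that differ only in `sid` yield the same signature input, while changing the tsa value inside the content changes the messageDigest attribute and therefore the signature input.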