
Re: Time Stamp: tsa field in TSTInfo



Robert,

> Okay, I will make the tsa name optional as well.  However, it MUST be
> present if the authenticated attribute from ESS is not included.  I think
> that since time stamp tokens will be used as evidence in support of
> non-repudiation, there should be some identification of the TSA within the
> signed part of the token.

Generally speaking, I am not fond of too many OPTIONS. Whenever we can avoid
one, we should: this is much easier for interoperability testing. In that case I
would favour the mandatory support of the authenticated attribute from ESS and
suppress the name from the content of the token.

Regards,

Denis


>
> > ----------
> > From:         Denis Pinkas[SMTP:Denis.Pinkas@bull.net]
> > Sent:         Thursday, April 08, 1999 6:16 AM
> > To:   Peter Sylvester
> > Cc:   ietf-pkix@imc.org; jluis@fnmt.es; robert.zuccherato@entrust.com
> > Subject:      Re: Time Stamp: tsa field in TSTInfo
> >
> > Peter,
> >
> > I concur with your proposal, i.e. use a signed (also called "authenticated")
> > attribute from ESS that indicates the certificate used by the TSA and
> > suppress the name of the TSA from the signed structure. This "useful"
> > attribute is indeed in ESS, not CMS - where it should have been. :-(
> >
> > Since the verifier will need anyway to get that certificate to verify the
> > signature, then, at that time, it will get the name of the TSA.
> >
> > Regards,
> >
> > Denis
> >
> >
> > > >
> > > > Actually, I believe that when using CMS only the content (in this case
> > > > TSTInfo) is signed along with any authenticated attributes.  Thus, the
> > > > distinguishing information for the TSA would not be signed if it was not
> > > > included within the TSTInfo structure.
> > > If the TST provider wants to surely indicate its identity, one
> > > can use an ess signing certificate attribute.
> > >
> > > This seems preferable to me (if the tendency is to avoid reinventing things).
> > >
> > > The ess stuff was probably not available at the time when
> > > the tst draft was written for the first time.
> > >
> > >
> > > >
> > > >       Robert.
> > > >
> > > > > ----------
> > > > > From:       Juan Luis López[SMTP:jluis@fnmt.es]
> > > > > Sent:       Wednesday, April 07, 1999 5:25 AM
> > > > > To:         pkix
> > > > > Subject:    Time Stamp: tsa field in TSTInfo
> > > > >
> > > > >     Hi everybody!
> > > > >
> > > > > >     I am involved in a Time Stamping project and we are analysing the PKIX
> > > > > > draft about this subject.
> > > > > >
> > > > > >     I would like to give my opinion on an issue to the list:
> > > > > >     It seems not appropriate to include a field in TSTInfo structure
> > > > > > related to the tsa identity, i.e. tsa field. I don't find this field
> > > > > > necessary because it is repeated when using a CMS or PKCS#7 envelope to
> > > > > > encapsulate the token information. This information would be redundant
> > > > > > since an identifier distinguishing the given tsa should be present in the
> > > > > > signerInfo structure.
> > > > >
> > > > >     So, I recommend the deletion of this field.
> > > > >
> > > > >     Regards,
> > > > >    Juan Luis López
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > -------------------------------------------------------------------------------------
> > > > > > Juan Luis López <jluis@fnmt.es>
> > > > > > Project Engineer
> > > > > > http://www.fnmt.es/pkits
> > > > > > Fábrica Nacional de Moneda y Timbre    tel: [+34] 91 506 48 40
> > > > > > C/ Juan de Mariana, 17                 fax: [+34] 91 506 48 51
> > > > > > E-28045 Madrid, SPAIN
> > > > >
> > > >
> >