RE: New Internet Draft on Non-Repudiation Requirements
>>>>> "Nick" == Nick Pope <pope@secstan.com> writes:
Nick> Denis, It is worth noting that in X.509 clause 11.2, note 2
Nick> states:
Nick> " If a non-repudiation of data service is dependent on keys
Nick> provided by the CA, the service should ensure that all relevant
Nick> keys of the CA (revoked or expired) and the timestamped
Nick> revocation lists are archived and certified by a current
Nick> authority."
Nick> This has relevance to our current work together as well as this
Nick> list. I believe that the word "timestamp" refers to just a
Nick> date and time value, not a trusted timestamp produced by a
Nick> timestamping authority.
I would think it does need to be a trusted timestamp, because you need
to be able to verify that information bearing on the validity of
signatures (such as CRLs) indeed did exist at the claimed time.
For example, suppose the CA key was compromised at some time and
revoked. CRLs known to have been issued before then would be good,
but CRLs not provably issued by then are suspect even if internal data
in them claims they were old.
paul
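The distinction Paul draws, as an added worked example that is not part of the thread: a CRL's own thisUpdate is just a date written into the CRL, so anyone holding a compromised CA key can back-date it, whereas a timestamp token from a trusted timestamping authority can prove the CRL bytes existed before the compromise. The model below is constructed (hypothetical `CrlRecord`/`TimestampToken` types and a stand-in for the TSA rather than a real RFC 3161 client); the CRL contents, dates and compromise time are made-up sample values.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed, simplified model of the two kinds of evidence being contrasted:
# the date a CRL claims for itself (thisUpdate) and the time a trusted
# timestamping authority attests over a hash of the CRL bytes.


@dataclass(frozen=True)
class TimestampToken:
    digest_sha256: bytes   # hash of the data the TSA timestamped
    gen_time: datetime     # time the TSA attests (assumed already verified)


@dataclass(frozen=True)
class CrlRecord:
    name: str
    der: bytes                        # the CRL as issued (constructed bytes here)
    this_update: datetime             # date claimed inside the CRL itself
    token: Optional[TimestampToken]   # trusted timestamp, if one was obtained


def assess_crl(crl: CrlRecord, compromise_time: datetime) -> Tuple[str, str]:
    """Decide whether a CRL can be relied on once the CA key is known compromised.

    Only a trusted timestamp that (a) binds to these exact CRL bytes and
    (b) predates the compromise proves the CRL existed while the key was
    still sound.  The CRL's internal thisUpdate is not evidence on its own.
    """
    if crl.token is None:
        return ("suspect", "no trusted timestamp; internal date is unverifiable")
    if crl.token.digest_sha256 != hashlib.sha256(crl.der).digest():
        return ("suspect", "timestamp token does not cover these CRL bytes")
    if crl.token.gen_time >= compromise_time:
        return ("suspect", "timestamp is not earlier than the key compromise")
    return ("good", "trusted timestamp predates the key compromise")


def assess_all(crls: List[CrlRecord], compromise_time: datetime) -> Dict[str, str]:
    """Map each CRL name to 'good' or 'suspect'."""
    return {c.name: assess_crl(c, compromise_time)[0] for c in crls}


def _utc(*ymd: int) -> datetime:
    return datetime(*ymd, tzinfo=timezone.utc)


def _token_for(data: bytes, when: datetime) -> TimestampToken:
    # Stand-in for obtaining a token from a TSA (constructed; no network).
    return TimestampToken(hashlib.sha256(data).digest(), when)


# Constructed sample: the CA key is assumed compromised on this date.
COMPROMISE_TIME = _utc(2024, 6, 1)

CRL_A = b"constructed CRL A"
CRL_B = b"constructed CRL B"
CRL_C = b"constructed CRL C"
CRL_D = b"constructed CRL D"

SAMPLE_CRLS = [
    # A: timestamped before the compromise -> provably old, good.
    CrlRecord("A", CRL_A, _utc(2024, 5, 15), _token_for(CRL_A, _utc(2024, 5, 15))),
    # B: claims an old thisUpdate but has no trusted timestamp -> suspect.
    CrlRecord("B", CRL_B, _utc(2024, 5, 10), None),
    # C: claims an old thisUpdate, but was only timestamped after the compromise.
    CrlRecord("C", CRL_C, _utc(2024, 5, 20), _token_for(CRL_C, _utc(2024, 6, 3))),
    # D: early timestamp, but the token covers different bytes -> no proof.
    CrlRecord("D", CRL_D, _utc(2024, 5, 1), _token_for(b"other data", _utc(2024, 5, 2))),
]

if __name__ == "__main__":
    for crl in SAMPLE_CRLS:
        status, why = assess_crl(crl, COMPROMISE_TIME)
        print(f"CRL {crl.name}: thisUpdate={crl.this_update:%Y-%m-%d} -> {status} ({why})")
```

Record D is the case a plain "is the timestamp old enough?" check would miss: the token is early, but it does not bind to this CRL, so it proves nothing about it. Checking the digest before the time is what makes the timestamp evidence rather than just another date.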