
Re: Comments on ETNRT



Hi Dennis,

I am changing the title (again) to ETNRT. Never figured out what ETNPT was
:-).

> I still have difficulties to understand the rationale for the (rather
> complex) scheme that is presented. The basic time stamping protocol
> provides a token (TST) that allows to make sure before which time a
> document and/or a certificate was signed. If some signed data needs
> to be protected by a time stamp, it seems more natural to append the
> TST to the data structure rather than going down a tree of
> "NRStorage".

> In addition, the data structure that is presented is twice
> recursive. :-(

The scheme in its entirety is indeed complex. The structure reflects the
complexities introduced due to the long period of time over which the
tokens may remain valid. During this period the "maintenance" of the token
may have to be taken over by a different entity. Multiple copies of the
token may exist & may have to be reconciled. The format allows creating a
"chain of custody" for the token as it's updated by different entities
(e.g. responsibility of maintenance of the token may change, or two tokens
for the same data may be combined and maintained as one after living
separately for some time). The format will provide *additional evidence*
about the token, its managers and their diligence.

But everyone need not use it to complete extent.
Implementations will have varying levels of complexity.
The simplest ones will just use the scheme to validate tokens with
comparatively smaller lifetimes to tide over imminent key update.
(In fact this will be the most common usage of the format)
In this case format will degenerate to simple pair of tokens. Even
timeToNextUpdate need not be present.

Smarter implementations will have chaining (i.e. appending
as you suggest) to provide basic functionality. A full featured
implementation will support management of complete trees and may well go
beyond that by using policies to reconcile trees from different servers.

> Thus I am wondering the need for such a document. If you are present
> in Washington,

No I won't be there :(

Regards,
Parag.

> I would appreciate a talk on that topic.

> Regards,

> Denis