[Gen-art] Re: Gen-ART review of draft-ietf-ltans-ers-13.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 22 May 2007 07:34 UTC
Return-path: <gen-art-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HqOtG-000348-O9; Tue, 22 May 2007 03:34:42 -0400
Received: from gen-art by megatron.ietf.org with local (Exim 4.43) id 1HqOtF-00033z-G3 for gen-art-confirm+ok@megatron.ietf.org; Tue, 22 May 2007 03:34:41 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HqOtF-00033r-5y for gen-art@ietf.org; Tue, 22 May 2007 03:34:41 -0400
Received: from ug-out-1314.google.com ([66.249.92.175]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HqOtD-0006sB-QR for gen-art@ietf.org; Tue, 22 May 2007 03:34:41 -0400
Received: by ug-out-1314.google.com with SMTP id 72so135826ugd for <gen-art@ietf.org>; Tue, 22 May 2007 00:34:39 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=TWdmdNxSgY9gmtqj7hQuDLHTnZVjZ66z8hzbG9ryZnM7tOi49XZR/HnK/znRCbxuBQaDe+wIq6bxSesWdgXTdkRsEQeklOFTB90unwWG9Zs/KU27NJCgFiI37pXvSqIAyZKoSr/xuTaE6AxPdPPlMo/iWtZ4K8jQh3o0vUWJO+Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=uhs2dypE5Rmy3AJFOygJqHn+c225LFEdjX9wnzWDxEbcIX6pjJ+A7P3GU1ZaJ++9kbk05OgWNMO4rA0O/5JqHJJOJCSGQf6NJHQ/cYAzxrezUWDhYT/L7ZcBFOYGNoGe9562xQCtcLbXGJLcQ08/MEoTo3a+4aEz3wtp70APWmM=
Received: by 10.82.100.1 with SMTP id x1mr10177692bub.1179819278993; Tue, 22 May 2007 00:34:38 -0700 (PDT)
Received: from ?10.10.50.1? ( [213.3.13.1]) by mx.google.com with ESMTP id y6sm22436038mug.2007.05.22.00.34.37; Tue, 22 May 2007 00:34:38 -0700 (PDT)
Message-ID: <46529D0C.1070505@gmail.com>
Date: Tue, 22 May 2007 09:34:36 +0200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: Carl Wallace <CWallace@cygnacom.com>
References: <886F5D4C78AFB14D87261206BFB9612E1D06059E@scygmxs1.cygnacom.com>
In-Reply-To: <886F5D4C78AFB14D87261206BFB9612E1D06059E@scygmxs1.cygnacom.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c
Cc: ralf.brandner@intercomponentware.com, General Area Review Team <gen-art@ietf.org>, Tobias Gondrom <tgondrom@opentext.com>, ulrich.pordesch@zv.fraunhofer.de, Tim Polk <wpolk@nist.gov>
Subject: [Gen-art] Re: Gen-ART review of draft-ietf-ltans-ers-13.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Thanks for the explanations. It's up to Russ and Tim to decide if
any clarification of the text is needed.
> The validate draft provides additional details
I'm a little surprised then that it isn't cited as an
Informational reference. It seems that although it isn't
needed to understand the ERS syntax, it will be needed
for any practical deployment.
Brian
On 2007-05-21 20:44, Carl Wallace wrote:
>>> 1. At the end of section 4.2:
>>>
>>> The data (e.g. certificates, CRLs or OCSP-Responses)
>> needed to verify
>>> the timestamp SHOULD be stored in the timestamp itself or MUST be
>>> preserved otherwise.
>>>
>>> I find this insufficiently clear. When would it be
>> acceptable not to
>>> store these data in the timestamp, and if not done so, how
>> would the
>>> retriever know where to look?
>> [tg]: There are three main reasons why we did intentionally
>> write this up in this level of detail:
>> At first, most of the verification of a RFC3161-timestamp has
>> been documented very well in the timestamp and CMS
>> specifications. Second, ERS is open for other timestamps as
>> well (e.g. ISO-18014-x) and they may (and do) require other
>> verification data than RFC3161, plus these other formats may
>> not be able to store all the necessary information for
>> verification inside their data structures.
>> And third, as some of the verification data may be dependent
>> on the use case and country where it is verified, the WG
>> works on the I-D
>> http://www.ietf.org/internet-drafts/draft-ietf-ltans-validate-
>> 01.txt to describe the verification and the required data in
>> more detail.
>
> In addition to the above, the "SHOULD be stored in the timestamp"
> recommendation is present in the spec because this is the easiest option.
> If the timestamp contains all of the verification data, then there is less
> work for the verifier to perform. However, this also freezes the
> verification context (if this is the only means of preserving verification
> data). There is a companion specification that defines how to use SCVP and
> ERS to preserve certificates and CRLs independent of a data item that is
> archived. This has a few benefits, including decreasing the storage burden
> on the archive and avoiding freezing the validation context.
>
> Regarding your first question, certificates and CRLs may always be omitted
> provided they are otherwise preserved and available. Regarding your second
> question, the relying party would need to know where to obtain the preserved
> artifacts. An archive may provide an SCVP interface for this purpose.
>
> The same situation applies to signatures within archived data, not just for
> timestamp signatures. The validate draft provides additional details, but
> is still a work-in-progress. The requirement is for the verifier to use
> verification data that has been preserved. Including the verification data
> in each timestamp is one means of doing so.
>
--
NEW: Preferred email for non-IBM matters: brian.e.carpenter@gmail.com
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-ietf-ltans-ers-… Brian E Carpenter
- [Gen-art] Gen-ART review of draft-ietf-ltans-ers-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- Re: [Gen-art] RE: Gen-ART review of draft-ietf-lt… Russ Housley
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Carl Wallace
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- RE: [Gen-art] RE: Gen-ART review of draft-ietf-lt… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] Re: Gen-ART review of draft-ietf-ltans-… Brian E Carpenter
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Carl Wallace
- [Gen-art] RE: Gen-ART review of draft-ietf-ltans-… Tobias Gondrom