Re: [ltans] Concrete examples of long-term archiving

Istvan Zsolt BERTA <istvan.berta@microsec.hu> Fri, 12 August 2011 15:24 UTC

Return-Path: <istvan.berta@microsec.hu>
X-Original-To: ltans@ietfa.amsl.com
Delivered-To: ltans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0D7621F89C1 for <ltans@ietfa.amsl.com>; Fri, 12 Aug 2011 08:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.911
X-Spam-Level: **
X-Spam-Status: No, score=2.911 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_HU=1.35, HOST_EQ_HU=1.245, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NGvYaVPp3T0d for <ltans@ietfa.amsl.com>; Fri, 12 Aug 2011 08:24:41 -0700 (PDT)
Received: from everest.microsec.hu (everest.microsec.hu [193.226.230.4]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAE921F881C for <ltans@ietf.org>; Fri, 12 Aug 2011 08:24:40 -0700 (PDT)
Received: from [10.42.223.165] (z165.e-cegjegyzek.hu [10.42.223.165]) by everest.microsec.hu (8.12.11.20060308/8.12.11/SuSE Linux 0.7) with ESMTP id p7CFPEEg001374 for <ltans@ietf.org>; Fri, 12 Aug 2011 17:25:16 +0200
Message-ID: <4E4545E5.9060003@microsec.hu>
Date: Fri, 12 Aug 2011 17:25:25 +0200
From: Istvan Zsolt BERTA <istvan.berta@microsec.hu>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: ltans@ietf.org
References: <BE403E73-8966-4FB9-9624-DAC303A0EC0D@cdc.informatik.tu-darmstadt.de> <4E4243A2.5030805@microsec.hu> <4E428403.5080203@earthlink.net>
In-Reply-To: <4E428403.5080203@earthlink.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [ltans] Concrete examples of long-term archiving
X-BeenThere: ltans@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: LTANS Working Group <ltans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ltans>, <mailto:ltans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ltans>
List-Post: <mailto:ltans@ietf.org>
List-Help: <mailto:ltans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ltans>, <mailto:ltans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2011 15:24:43 -0000

Dear Todd,

2011.08.10. 15:13 keltezéssel, todd glassey írta:
>> In Hungary, the authentic long-term archival of electronically signed
>> documents is included in the e-signature law. Aside qualified CAs, we
>> also have qualified archiving service providers.
>>
> Is there a Design Specification available?

What do you mean on Design Specification? We have the archiving service 
listed in our e-signature law, and this law prescribes the requirements 
a qualified archiving service provider must fulfill.

There is an English version here:
http://www.docshare.com/doc/199777/hungary

Our authorities also released some 'guidance' on the technical 
requirements and policy requirements, but I think they are going to be 
superseded by the recently released ETSI specifications:

ETSI TS 101 533-1 Information Preservation Systems Security; Part 1: 
Requirements for Implementation and Management
http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=31009

ETSI TR 101 533-2 Information Preservation Systems Security; Part 2: 
Guidelines for Assessors
http://webapp.etsi.org/workprogram/Report_WorkItem.asp?WKI_ID=34232


None of these requirements go into details like prescribing certain 
formats, etc.

Regards,

István



>>
>>
>> The Hungarian Chamber of Notaries is running an archival project since
>> 2007. Certain classes of notarial deeds are archived electronically.
>> The notary creates the notarial deed on paper, scans it (as PDF),
>> signs it with her qualified electronic signature and sends it to the
>> archives (our company is a qualified archiving service provider, we
>> run these archives). A few million notarial deeds are archived this
>> way currently.
>>
>> Notaries create their signatures in XAdES-A format, and in the
>> archives these signatures are archived in an LTANS ERS -like format.
>> We do not use ERS because when our system was started, ERS RFCs were
>> not available yet, but our logic is very similar to ERS.
>>
>>
>> Electronically signed documents are also used (and archived) in
>> context of the Hungarian registry of businesses. If you want to found
>> a company in Hungary, you need to turn to a lawyer, and your lawyer
>> submits the necessary electronically signed documents to the business
>> registry court. The judge at the registry court also creates an
>> electronically signed resolution.
>> Lawyers are required to archive these electronically signed documents,
>> e.g. using a qualified archiving provider. This system also involves
>> millions of documents, but only a small fraction of them is archived
>> currently. (There are already certain resolutions that were not
>> archived properly and their timestamps expired. They are problematic.)
>>
>>
>> Unfortunately I have very little written information on this in
>> English (our English website is rather just a placeholder):
>>
>> http://www.berta.hu/publications/Berta2007efpe.pdf (of year 2007)
>> http://www.berta.hu/publications/Berta2011efpe.pdf (of year 2011)
>> http://srv.e-szigno.hu/menu/index.php?lap=english_archiving
>> http://srv.e-szigno.hu/menu/index.php?lap=english_firm_registry
>>
>> If you have any further questions, feel free to ask, and I shall do my
>> best to answer.
>>
>> Regards,
>>
>> István
>>
>>
>>
>>
>>
>>
>> 2011.08.04. 18:21 keltezéssel, Martin Augusto G. Vigil írta:
>>> Hi,
>>>
>>> I am a PhD student and I have been working on a survey on long-term
>>> authenticity and proof of existence. I have found many solutions
>>> (e.g. ERS, Patricia Trees, etc), projects (e.g. ArchiSig, Prokopius,
>>> HP's Content Integrity Service) and even acts (Sarbanes-Oxley Act,
>>> Directive 2001/115/EC) but few real life examples in which long-term
>>> archiving is required and was already used.
>>>
>>> May someone point some concrete examples?
>>>
>>> Kind regards, ---- Martín A. Gagliotti Vigil Technische Universität
>>> Darmstadt Cryptography and Computer Algebra Hochschulstraße 10 64289
>>> Darmstadt, Germany Room: S2/02 B216 Tel.: +49 6151 16-5416
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ ltans mailing list
>>> ltans@ietf.org https://www.ietf.org/mailman/listinfo/ltans
>>
>> _______________________________________________
>> ltans mailing list
>> ltans@ietf.org
>> https://www.ietf.org/mailman/listinfo/ltans
>>
>
>