IETF Logo Mail Archive

Comment on draft-ietf-ltans-xmlers-03.txt (4)

"Andreas Menke" <andreas.menke@openlimit.com> Wed, 22 July 2009 10:16 UTC

Return-Path: <owner-ietf-ltans@mail.imc.org>
X-Original-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Delivered-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 623893A6A5D for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Wed, 22 Jul 2009 03:16:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.019
X-Spam-Level:
X-Spam-Status: No, score=0.019 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745, MSGID_MULTIPLE_AT=1.449]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qoToe-kj-sSp for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Wed, 22 Jul 2009 03:16:21 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id CF06D3A6A3C for <ltans-archive-ba2WohFa@ietf.org>; Wed, 22 Jul 2009 03:16:17 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6MA8Vo2017063 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 22 Jul 2009 03:08:31 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n6MA8Vad017062; Wed, 22 Jul 2009 03:08:31 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-ltans@mail.imc.org using -f
Received: from postrelay7.edis.at (postrelay7.edis.at [85.126.233.180]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6MA8JJZ017046 for <ietf-ltans@vpnc.org>; Wed, 22 Jul 2009 03:08:30 -0700 (MST) (envelope-from andreas.menke@openlimit.com)
Received: from mailrelay.edis.at (postrelay7.edis.at [85.126.233.180]) by postrelay7.edis.at (Postfix) with ESMTP id EEDB31804FDF6 for <ietf-ltans@vpnc.org>; Wed, 22 Jul 2009 12:08:17 +0200 (CEST)
Received: from ANDY-MOB ([::ffff:212.202.128.19]) (AUTH: LOGIN andreas.menke@openlimit.com, SSL: TLSv1/SSLv3,128bits,AES128-SHA) by mailrelay.edis.at with esmtp; Wed, 22 Jul 2009 12:08:17 +0200 id 00000000180216CB.000000004A66E511.000060B1
Received: from ANDYMOB by ANDY-MOB (PGP Universal service); Wed, 22 Jul 2009 12:08:20 +0100
X-PGP-Universal: processed; by ANDY-MOB on Wed, 22 Jul 2009 12:08:20 +0100
From: Andreas Menke <andreas.menke@openlimit.com>
To: ietf-ltans@vpnc.org
Subject: Comment on draft-ietf-ltans-xmlers-03.txt (4)
Date: Wed, 22 Jul 2009 12:08:09 +0200
Organization: OpenLimit SignCubes GmbH
Message-ID: <001101ca0ab4$544e2940$fcea7bc0$@menke>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcoKtFAy5+hSt01+TD6WTZXbEVYFTw==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Language: de
Sender: owner-ietf-ltans@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-ltans/mail-archive/>
List-Unsubscribe: <mailto:ietf-ltans-request@imc.org?body=unsubscribe>
List-ID: <ietf-ltans.imc.org>

Hello list.

There a few other points I want to tell:

1) CanonicalizationMethodType has in XMLDSIG (RFC3275) for <any> contents
modifiers minOccurs=0 and maxOccurs=unbound set. Same for DigestMethodType.
In general it is better to use the original instead of defining it twice.

2) HashTree renewal is somewhat confusing. 

	In 4.2.2 Generation it is said in 4.: 
' Calculate hash value hatsc(i) = H(ATSC(i))from binary
      representation of the previously generated and ordered
      <ArchiveTimeStampChain> elements within <ArchiveTimeStampSequence>
      element, corresponding to data object d(i).'

Is it meant	that for all previous <ArchiveTimeStampChain> elements
ordered ascending according to their order attribute, they must be
canonicalized each for its own, binary appended and then hashed with H
resulting in hash value hatsc(i).

	In 4.3 Verification it is said in 3. that:
' contains hash
      values of data object and the hash value of all preceding Archive
      Time-Stamp Chains'

This should be read as: contains the hash value h(i)' for data object i
which is build from all preceding <ArchiveTimeStampChain> elements ordered
ascending according to their order attribute, canonicalized each for its
own, binary appended and then hashed with algorithm H resulting in hash
value hatsc. h(i)' is then the hash value of the binary concatenation of
H(i) and hatsc: h(i)' = H(H(i)+hatsc).


Regards

Andreas Menke


-----------------------------
Diplom-Informatiker (Uni.)
Andreas Menke
Team Leader, Development

OPENLiMiT SignCubes GmbH
Saarbrücker Str. 38 A
D-10405 Berlin

Fon: +49 30 868 766 – 10
Fax: +49 30 868 766 – 11
andreas.menke@openlimit.com
www.openlimit.com

Geschäftsführer:
Heinrich Dattler, Armin Lunkeit
Nadine Model (Prokuristin)
Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 86352 B
Finanzamt für Körperschaften II
St.-Nr. 37/155/20819
USt-ID: DE 224136339
---

Erleben Sie, wie einfach es ist, elektronisch zu unterschreiben und testen
Sie die neue Signatur-Software OpenLimit CC Sign 2.5 für 30 Tage kostenlos.
Hier downloaden:
https://www.openlimit.com/de/produkte/cc-sign/download-cc-sign-testversion.h
tml

v2.23.0 | Report a Bug | By Email