[ltans] Question about RFC 4998 Appendix A. Evidence Record Using CMS

Satoru Otsubo <hatt3@otip.jp> Fri, 18 December 2009 11:50 UTC

Return-Path: <hatt3@otip.jp>
X-Original-To: ltans@core3.amsl.com
Delivered-To: ltans@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2234E3A682E for <ltans@core3.amsl.com>; Fri, 18 Dec 2009 03:50:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCPfnSWOaKLI for <ltans@core3.amsl.com>; Fri, 18 Dec 2009 03:50:39 -0800 (PST)
Received: from auth.gate-on.net (auth.gate-on.net [210.197.72.170]) by core3.amsl.com (Postfix) with ESMTP id 0C8783A657C for <ltans@ietf.org>; Fri, 18 Dec 2009 03:50:38 -0800 (PST)
Received: from otip.otip.jp (KD113159121125.ppp-bb.dion.ne.jp [113.159.121.125]) by auth.gate-on.net (Postfix) with ESMTP id 530129F151 for <ltans@ietf.org>; Fri, 18 Dec 2009 20:50:23 +0900 (JST)
Received: from [192.168.0.2] (helo=localhost.localdomain) by otip.otip.jp with smtp (Exim 4.63) (envelope-from <hatt3@otip.jp>) id 1NLbLj-0004DL-74 for ltans@ietf.org; Fri, 18 Dec 2009 20:50:23 +0900
Date: Fri, 18 Dec 2009 20:50:23 +0900
From: Satoru Otsubo <hatt3@otip.jp>
To: ltans@ietf.org
Message-Id: <20091218205023.b07176bc.hatt3@otip.jp>
X-Mailer: Sylpheed version 2.3.0beta5 (GTK+ 2.8.20; i486-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: [ltans] Question about RFC 4998 Appendix A. Evidence Record Using CMS
X-BeenThere: ltans@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: LTANS Working Group <ltans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ltans>, <mailto:ltans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ltans>
List-Post: <mailto:ltans@ietf.org>
List-Help: <mailto:ltans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ltans>, <mailto:ltans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 11:55:18 -0000

I am Satoru Otsubo.
Pardon me for my poor English.
As ERS can give many CMS's a timestamp based on a hash tree and therefore the timestamp cost become very cheaper, I am considering to use ERS to timestamp many CMS's at once.
RFC 4998 Appendix A has explanations to implement ERS on CMS's.

(1) I want to give as an unsignedAttribute a Evidence Record to CMS which includes contentInfo. In this case, ASN.1 syntax of the unsignedAttribute is as follows?:

   Attribute ::= SEQUENCE {
      attrType OBJECT IDENTIFIER (1.2.840.113549.1.9.16.2.49)
      attrValues SET OF AttributeValue }

   AttributeValue ::= EvidenceRecord

   EvidenceRecord ::= SEQUENCE {
      version                   INTEGER { v1(1) } ,
      digestAlgorithms          SEQUENCE OF AlgorithmIdentifier,
      cryptoInfos               [0] CryptoInfos OPTIONAL,
      encryptionInfo            [1] EncryptionInfo OPTIONAL,
      archiveTimeStampSequence  ArchiveTimeStampSequence
      }

   ............

   ArchiveTimeStamp ::= SEQUENCE {
     digestAlgorithm [0] AlgorithmIdentifier OPTIONAL,
     attributes      [1] Attributes OPTIONAL,
     reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
     timeStamp       ContentInfo}


Namely, unsignedAttribute's OID is 1.2.840.113549.1.9.16.2.49 ?
And, can I use as a AttributeValue the same EvidenceRecord syntax as described in RFC 4998 Section 3.1 and 4.1 ?

(2) Well, 1.2.840.113549.1.9.16.2.49 is ASN.1 Internal EvidenceRecord Attribute.
 Therefore I think it can be used as a OID of any kind of selection method, as long as EvidenceRecord is included as an unsignedAttribute in CMS.
 Therefore I think it can be used not only as OID in selection method 1 and 2 described in Appendix A, but also as OID where signature is selected as selection method, as long as EvidenceRecord is included as an unsignedAttribute in CMS.
 Can I use 1.2.840.113549.1.9.16.2.49 when I use as data objects signatures of CMS ?

      SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,       (<= I want to use this value as data object.)
        unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }


Thanks in advance.