Re: [ltans] Archival of signed content

Carl Wallace <carl@redhoundsoftware.com> Fri, 03 November 2017 21:59 UTC

Date: Fri, 03 Nov 2017 17:59:06 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Glen Vermeylen <glen.vermeylen@gmail.com>, ltans@ietf.org
Message-ID: <D6225E68.A3D28%carl@redhoundsoftware.com>
Thread-Topic: [ltans] Archival of signed content
References: <CANrgx4-G1md1uEsRtex4Vvv61MtdwBS-1Hfb-435zK2=3+Y8pg@mail.gmail.com>
In-Reply-To: <CANrgx4-G1md1uEsRtex4Vvv61MtdwBS-1Hfb-435zK2=3+Y8pg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ltans/JmOaHM4_oe6ogaPwvAvOxu39xNo>
Subject: Re: [ltans] Archival of signed content

RFC 5276 was the notion for preserving PKI artifacts. Preserve those once.

From:  ltans <ltans-bounces@ietf.org> on behalf of Glen Vermeylen <glen.vermeylen@gmail.com>
Date:  Friday, October 27, 2017 at 12:20 PM
To:  <ltans@ietf.org>
Subject:  [ltans] Archival of signed content

> Hello,
> 
> On the off-chance that anyone still reads this list, I may as well ask my
> question.
> 
> I'm making a preliminary implementation of the XMLERS spec and it seems to me
> explicit support for long term archival of signed content is out of scope?
> What I mean by this is that I have a relatively large and rapidly growing
> collection of signed PDFs for which long term proof must be maintained.
> However RFC 6283 seems to only describe the data structure for maintaining the
> evidence of the initial and subsequent archive timestamps, meaning providing
> revocation info on any signing certificates is to be decided by the
> implementor. Or am I missing something obvious?
> 
> If this is the case, it seems the archival process consists of multiple steps:
> 
> * stage any archive objects for LTA + provide info on signing certificates
> (specify file type or provide certificates + chain info or ....)
> * at start of initial HashTree creation, obtain full chain + revocation info
> for each signed data object, and add this to the archive object.
> The plus side of this is that for identical signing certificates on many
> data objects (this is my case), this revocation info can be obtained once and
> cached
> * Create + timestamp HashTree
> * From then on, the process for re-timestamping and HashTree renewal can be
> followed as described in the spec.
> 
> From this follows that a validator of an EvidenceRecord for an ArchiveObject
> must obtain
> * All data objects, including the revocation info (in a proprietary format?
> Any suggestions on this?)
> * EvidenceRecord xml structure
> 
> Is this understanding correct?
> 
> Many thanks,
> Glen Vermeylen.
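The staging and hash-tree steps Glen describes, as an added example that is not part of the ltans thread and is not XMLERS reference code. Each archive object is modelled as one data-object group (the signed PDF plus the certificate chain and revocation info gathered for it), and the tree follows the node rule of RFC 4998 section 4.2 (sort the child hash values in binary ascending order, concatenate, hash), which RFC 6283 reuses. Assumptions: SHA-256 as the digest algorithm, the group layout of `archive_object`, constructed placeholder bytes in place of real PDFs, certificates and CRLs, and plain Python lists standing in for the XMLERS `HashTree`/`Sequence` elements.

```python
"""Hash-tree evidence over archive-object groups (RFC 4998 / RFC 6283 style).

Added example; not from the ltans list or any implementation. All sample
bytes below are constructed placeholders, not real PDFs, certificates or CRLs.
"""
import hashlib
from typing import List, Tuple


def h(data: bytes) -> bytes:
    """Digest algorithm of the evidence record (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


def node_hash(children: List[bytes]) -> bytes:
    """RFC 4998 section 4.2 node rule: sort child hashes in binary ascending
    order, concatenate them, hash the result."""
    return h(b"".join(sorted(children)))


def archive_object(signed_pdf: bytes, chain: List[bytes],
                   revocation: List[bytes]) -> List[bytes]:
    """One data-object group: the signed document together with the PKI
    artifacts its later validation needs (assumed layout for the poster's
    step of adding chain + revocation info to the archive object)."""
    return [signed_pdf, *chain, *revocation]


def build_hash_tree(groups: List[List[bytes]]) -> Tuple[bytes, List[List[List[bytes]]]]:
    """Return the root hash (the value handed to the timestamp authority) and,
    per group, its reduced hash tree: the group's own hash list followed by
    the sibling-hash list at each level on the path to the root. A node
    without a sibling gets an empty list and is hashed alone."""
    group_hashes = [[h(obj) for obj in g] for g in groups]
    level = [node_hash(gh) for gh in group_hashes]          # leaves
    reduced = [[list(gh)] for gh in group_hashes]
    pos = list(range(len(level)))                          # leaf -> node index
    while len(level) > 1:
        for i, p in enumerate(pos):
            sib = p ^ 1
            reduced[i].append([level[sib]] if sib < len(level) else [])
            pos[i] = p // 2
        level = [node_hash(level[j:j + 2]) for j in range(0, len(level), 2)]
    return level[0], reduced


def verify_reduced_tree(obj: bytes, reduced: List[List[bytes]], root: bytes) -> bool:
    """Validator side, after RFC 4998 section 5.2: the object's hash must be
    in the first list; then each list (plus the running value) is sorted,
    concatenated and hashed until the timestamped root is reached."""
    cur = h(obj)
    if cur not in reduced[0]:
        return False
    cur = node_hash(reduced[0])
    for siblings in reduced[1:]:
        cur = node_hash(siblings + [cur])
    return cur == root


# Constructed sample values (the same signer and CRL are shared by all
# objects, so the revocation info is fetched once and reused, as in the post).
SIGNER_CERT = b"-- constructed signer certificate --"
CA_CERT = b"-- constructed issuing CA certificate --"
CRL_OCT_2017 = b"-- constructed CRL, thisUpdate 2017-10-27 --"
OCSP_RESP = b"-- constructed OCSP response for the signer --"

GROUPS = [
    archive_object(b"%PDF-1.7 invoice-0001 (constructed, signed)",
                   [SIGNER_CERT, CA_CERT], [CRL_OCT_2017, OCSP_RESP]),
    archive_object(b"%PDF-1.7 invoice-0002 (constructed, signed)",
                   [SIGNER_CERT, CA_CERT], [CRL_OCT_2017, OCSP_RESP]),
    archive_object(b"%PDF-1.7 contract-0001 (constructed, signed)",
                   [SIGNER_CERT, CA_CERT], [CRL_OCT_2017]),
]

ROOT, REDUCED = build_hash_tree(GROUPS)   # ROOT is what gets timestamped


def validate_archive() -> bool:
    """Every stored object, revocation info included, must re-derive ROOT."""
    return all(verify_reduced_tree(obj, REDUCED[i], ROOT)
               for i, g in enumerate(GROUPS) for obj in g)


def detect_tampered_revocation_info() -> bool:
    """A validator given different CRL bytes than the ones hashed at archive
    time cannot reproduce the evidence for that group."""
    swapped_crl = b"-- different CRL --"
    return not verify_reduced_tree(swapped_crl, REDUCED[2], ROOT)


if __name__ == "__main__":
    print("root:", ROOT.hex())
    print("archive validates:", validate_archive())
    print("tampered CRL detected:", detect_tampered_revocation_info())
```

The point the validator-side function makes is the one Glen raises at the end of his post: the evidence record only binds whatever bytes were hashed, so the revocation info has to be archived alongside the signed PDF, in a fixed encoding, and handed to the validator unchanged.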