Comment on draft-ietf-ltans-xmlers-03.txt (3)
"Andreas Menke" <andreas.menke@openlimit.com> Thu, 16 July 2009 10:14 UTC
Return-Path: <owner-ietf-ltans@mail.imc.org>
X-Original-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Delivered-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4DF1D3A6CBC for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Thu, 16 Jul 2009 03:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.019
X-Spam-Level:
X-Spam-Status: No, score=0.019 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745, MSGID_MULTIPLE_AT=1.449]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q1yxnYUm0SkF for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Thu, 16 Jul 2009 03:14:33 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 4A3403A6C3E for <ltans-archive-ba2WohFa@ietf.org>; Thu, 16 Jul 2009 03:14:33 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6GA41rB085183 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Jul 2009 03:04:01 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n6GA40DJ085182; Thu, 16 Jul 2009 03:04:00 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-ltans@mail.imc.org using -f
Received: from postrelay7.edis.at (postrelay7.edis.at [85.126.233.180]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6GA3m7P085143 for <ietf-ltans@vpnc.org>; Thu, 16 Jul 2009 03:04:00 -0700 (MST) (envelope-from andreas.menke@openlimit.com)
Received: from mailrelay.edis.at (postrelay7.edis.at [85.126.233.180]) by postrelay7.edis.at (Postfix) with ESMTP id E568E1804FDB5 for <ietf-ltans@vpnc.org>; Thu, 16 Jul 2009 12:03:46 +0200 (CEST)
Received: from ANDY-MOB ([::ffff:212.202.128.19]) (AUTH: LOGIN andreas.menke@openlimit.com, SSL: TLSv1/SSLv3,128bits,AES128-SHA) by mailrelay.edis.at with esmtp; Thu, 16 Jul 2009 12:03:46 +0200 id 000000001804DDC2.000000004A5EFB02.000046D1
Received: from ANDYMOB by ANDY-MOB (PGP Universal service); Thu, 16 Jul 2009 12:03:50 +0100
X-PGP-Universal: processed; by ANDY-MOB on Thu, 16 Jul 2009 12:03:50 +0100
From: Andreas Menke <andreas.menke@openlimit.com>
To: ietf-ltans@vpnc.org
Subject: Comment on draft-ietf-ltans-xmlers-03.txt (3)
Date: Thu, 16 Jul 2009 12:03:39 +0200
Organization: OpenLimit SignCubes GmbH
Message-ID: <001a01ca05fc$b4e00c40$1ea024c0$@menke>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcoF/LDVMmfekfD2TvOTU2gKb+f59Q==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Language: de
Sender: owner-ietf-ltans@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-ltans/mail-archive/>
List-Unsubscribe: <mailto:ietf-ltans-request@imc.org?body=unsubscribe>
List-ID: <ietf-ltans.imc.org>
Hello list. I did not got a response on my 'Comment on ...' from Di 23.06.2009 09:14. So I want to insist. Is it truly understood, that if 'Calculate hash value from binary representation of the last <ArchiveTimeStamp> element [...].' (Section 4.2.1, point 2, sentence 2) is correct, than there is no chance ever cumulating hash-trees of hash-trees and so on to get a new timestamp on top during timestamp renewal since an ATS is for (mostly) every ERS different? If, for example, in the last 30years there are 1 million hash-trees build with 1 million timestamps on top, reduced to >= 1million ERS. Than it would be on timestamp renewal that one must get 1 million new timestamps (preserving the same hash-tree size)? It is true, that this must be done in case of weakness of the digest algorithm, but why on timestamp renewal? What is the deeper sense on using the ATS to hash and not the <TimeStamp> element which likely is the same for all generated ERS of some hash-tree? If, for example, one wants that the revocation values are to be secured by the next timestamp, than it might be nicer to define a new element inside <TimeStamp> which is capable of holding that data, *not* including the reduced hash-tree which varies from ERS to ERS. Is it truly understood, that if 'Acquire the time-stamp for the calculated hash value.' (Section 4.2.1, point 2, sentence 3) in direct conjunction with sentence 2 (see above) is correct, than one must get a timestamp for *every* ERS on timestamp renewal? Why not doing Merkle-HashTrees and than reducing? In Section 4.3, point 4, part of sentence 2 it is not clear why to verify that some ATS 'does not contain other hash values'. Do any hash values (of known or unknown data) disturb any prove in XML but not in DER? XML ERS might be useless in case of large archives. RFC4998 seems to be clearer. Regards Andreas Menke ----------------------------- Diplom-Informatiker (Uni.) Andreas Menke Team Leader, Development OPENLiMiT SignCubes GmbH Saarbrücker Str. 38 A D-10405 Berlin Fon: +49 30 868 766 10 Fax: +49 30 868 766 11 andreas.menke@openlimit.com www.openlimit.com Geschäftsführer: Heinrich Dattler, Armin Lunkeit Nadine Model (Prokuristin) Sitz der Gesellschaft: Berlin Amtsgericht Charlottenburg HRB 86352 B Finanzamt für Körperschaften II St.-Nr. 37/155/20819 USt-ID: DE 224136339 --- Erleben Sie, wie einfach es ist, elektronisch zu unterschreiben und testen Sie die neue Signatur-Software OpenLimit CC Sign 2.5 für 30 Tage kostenlos. Hier downloaden: https://www.openlimit.com/de/produkte/cc-sign/download-cc-sign-testversion.h tml
- Comment on draft-ietf-ltans-xmlers-03.txt (3) Andreas Menke
- RE: Comment on draft-ietf-ltans-xmlers-03.txt (3) Aljosa Jerman Blazic