Comment on draft-ietf-ltans-xmlers-03.txt (3)
"Andreas Menke" <andreas.menke@openlimit.com> Thu, 16 July 2009 10:14 UTC
Return-Path: <owner-ietf-ltans@mail.imc.org>
X-Original-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Delivered-To: ietfarch-ltans-archive-ba2WohFa@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4DF1D3A6CBC for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Thu, 16 Jul 2009 03:14:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.019
X-Spam-Level:
X-Spam-Status: No, score=0.019 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745, MSGID_MULTIPLE_AT=1.449]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q1yxnYUm0SkF for <ietfarch-ltans-archive-ba2WohFa@core3.amsl.com>; Thu, 16 Jul 2009 03:14:33 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 4A3403A6C3E for <ltans-archive-ba2WohFa@ietf.org>; Thu, 16 Jul 2009 03:14:33 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6GA41rB085183 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Jul 2009 03:04:01 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n6GA40DJ085182; Thu, 16 Jul 2009 03:04:00 -0700 (MST) (envelope-from owner-ietf-ltans@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-ltans@mail.imc.org using -f
Received: from postrelay7.edis.at (postrelay7.edis.at [85.126.233.180]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6GA3m7P085143 for <ietf-ltans@vpnc.org>; Thu, 16 Jul 2009 03:04:00 -0700 (MST) (envelope-from andreas.menke@openlimit.com)
Received: from mailrelay.edis.at (postrelay7.edis.at [85.126.233.180]) by postrelay7.edis.at (Postfix) with ESMTP id E568E1804FDB5 for <ietf-ltans@vpnc.org>; Thu, 16 Jul 2009 12:03:46 +0200 (CEST)
Received: from ANDY-MOB ([::ffff:212.202.128.19]) (AUTH: LOGIN andreas.menke@openlimit.com, SSL: TLSv1/SSLv3,128bits,AES128-SHA) by mailrelay.edis.at with esmtp; Thu, 16 Jul 2009 12:03:46 +0200 id 000000001804DDC2.000000004A5EFB02.000046D1
Received: from ANDYMOB by ANDY-MOB (PGP Universal service); Thu, 16 Jul 2009 12:03:50 +0100
X-PGP-Universal: processed; by ANDY-MOB on Thu, 16 Jul 2009 12:03:50 +0100
From: Andreas Menke <andreas.menke@openlimit.com>
To: ietf-ltans@vpnc.org
Subject: Comment on draft-ietf-ltans-xmlers-03.txt (3)
Date: Thu, 16 Jul 2009 12:03:39 +0200
Organization: OpenLimit SignCubes GmbH
Message-ID: <001a01ca05fc$b4e00c40$1ea024c0$@menke>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcoF/LDVMmfekfD2TvOTU2gKb+f59Q==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Language: de
Sender: owner-ietf-ltans@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-ltans/mail-archive/>
List-Unsubscribe: <mailto:ietf-ltans-request@imc.org?body=unsubscribe>
List-ID: <ietf-ltans.imc.org>
Hello list.
I did not got a response on my 'Comment on ...' from Di 23.06.2009 09:14. So
I want to insist.
Is it truly understood, that if 'Calculate hash value from binary
representation of the last
<ArchiveTimeStamp> element [...].' (Section 4.2.1, point 2, sentence
2) is correct, than there is no chance ever cumulating hash-trees of
hash-trees and so on to get a new timestamp on top during timestamp renewal
since an ATS is for (mostly) every ERS different? If, for example, in the
last 30years there are 1 million hash-trees build with 1 million timestamps
on top, reduced to >= 1million ERS. Than it would be on timestamp renewal
that one must get 1 million new timestamps (preserving the same hash-tree
size)? It is true, that this must be done in case of weakness of the digest
algorithm, but why on timestamp renewal? What is the deeper sense on using
the ATS to hash and not the <TimeStamp> element which likely is the same for
all generated ERS of some hash-tree? If, for example, one wants that the
revocation values are to be secured by the next timestamp, than it might be
nicer to define a new element inside <TimeStamp> which is capable of holding
that data, *not* including the reduced hash-tree which varies from ERS to
ERS.
Is it truly understood, that if 'Acquire the time-stamp for the calculated
hash value.' (Section 4.2.1, point 2, sentence 3) in direct conjunction with
sentence 2 (see above) is correct, than one must get a timestamp for *every*
ERS on timestamp renewal? Why not doing Merkle-HashTrees and than reducing?
In Section 4.3, point 4, part of sentence 2 it is not clear why to verify
that some ATS 'does not contain other hash values'. Do any hash values (of
known or unknown data) disturb any prove in XML but not in DER?
XML ERS might be useless in case of large archives. RFC4998 seems to be
clearer.
Regards
Andreas Menke
-----------------------------
Diplom-Informatiker (Uni.)
Andreas Menke
Team Leader, Development
OPENLiMiT SignCubes GmbH
Saarbrücker Str. 38 A
D-10405 Berlin
Fon: +49 30 868 766 10
Fax: +49 30 868 766 11
andreas.menke@openlimit.com
www.openlimit.com
Geschäftsführer:
Heinrich Dattler, Armin Lunkeit
Nadine Model (Prokuristin)
Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 86352 B
Finanzamt für Körperschaften II
St.-Nr. 37/155/20819
USt-ID: DE 224136339
---
Erleben Sie, wie einfach es ist, elektronisch zu unterschreiben und testen
Sie die neue Signatur-Software OpenLimit CC Sign 2.5 für 30 Tage kostenlos.
Hier downloaden:
https://www.openlimit.com/de/produkte/cc-sign/download-cc-sign-testversion.h
tml
- Comment on draft-ietf-ltans-xmlers-03.txt (3) Andreas Menke
- RE: Comment on draft-ietf-ltans-xmlers-03.txt (3) Aljosa Jerman Blazic