Re: [ltans] Concrete examples of long-term archiving
Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 08 August 2011 00:40 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: ltans@ietfa.amsl.com
Delivered-To: ltans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1FAC21F86BF for <ltans@ietfa.amsl.com>; Sun, 7 Aug 2011 17:40:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -93.958
X-Spam-Level:
X-Spam-Status: No, score=-93.958 tagged_above=-999 required=5 tests=[AWL=-1.196, BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aF0DvTFsBIqt for <ltans@ietfa.amsl.com>; Sun, 7 Aug 2011 17:40:14 -0700 (PDT)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (lvps83-169-7-107.dedicated.hosteurope.de [83.169.7.107]) by ietfa.amsl.com (Postfix) with ESMTP id 64FCF21F8548 for <ltans@ietf.org>; Sun, 7 Aug 2011 17:40:14 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=fZ0VVaTGGfDkjgH469xOZqaDfyhoW+M6ls/pcr3bsJPa6mVEvm3R1edPVCmgZvieEgk5cQCizUOdEo9b5YkowjEYWq0OtpQzCwpZwUKeMeyIJRdtSDm8+imgvEuhJPbr; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
Received: (qmail 24260 invoked from network); 8 Aug 2011 02:39:59 +0200
Received: from 94-194-102-93.zone8.bethere.co.uk (HELO ?192.168.1.66?) (94.194.102.93) by lvps83-169-7-107.dedicated.hosteurope.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Aug 2011 02:39:59 +0200
Message-ID: <4E3F305E.2030900@gondrom.org>
Date: Mon, 08 Aug 2011 01:39:58 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20110627 Thunderbird/5.0
MIME-Version: 1.0
To: ltans@ietf.org
References: <BE403E73-8966-4FB9-9624-DAC303A0EC0D@cdc.informatik.tu-darmstadt.de>
In-Reply-To: <BE403E73-8966-4FB9-9624-DAC303A0EC0D@cdc.informatik.tu-darmstadt.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [ltans] Concrete examples of long-term archiving
X-BeenThere: ltans@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: LTANS Working Group <ltans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ltans>, <mailto:ltans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ltans>
List-Post: <mailto:ltans@ietf.org>
List-Help: <mailto:ltans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ltans>, <mailto:ltans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2011 00:40:15 -0000
Hi Martin, in general you can find real life examples when larger organisations are dealing with critical documents (that in paper form would be signed and often documenting high value issues) for a longer time frame. For example: - the German federal government uses ERS for signed data. There is even a guideline for all German government agencies on how to use it: https://www.bsi.bund.de/ContentBSI/Publikationen/TechnischeRichtlinien/tr03125/index_htm.html (unfortunately in German, sorry) * one scenario is for example documents signed in internal workflows and documents being delivered to an agency through a so-called agency "inbox-system". - other real life examples are: * long-term storage of documents, like pension contracts, sorry can't be more specific due to confidentiality * patient records in health care (in some jurisdictions the health care provider (e.g. hospital) is responsible to guarantee the integrity and authenticity of all archived patient records for the whole lifespan of the patient (and to be able to proof that). In the past this was done via paper documents, etc. But when such an institution moves/moved to electronic records and documents, electronic signatures were used and also required ERS to protect against broken algorithms. * electronic invoices: EU directive on electronic invoices requires them to carry a qualified signature to be used for pre-tax allowances. And as in some jurisdictions it may take years until the tax auditor validates the records, signature algorithms may become weak and require ERS to renew their strength. * or think of blueprints and documentation for air-planes and ammunition during their manufacturing process, to be stored for the whole lifetime they may be in use. But to add a pinch of salt: My personal observation is that the vast majority of cases of long-term authenticity and proof of existence is still using pure simple paper documents stored somewhere physically safe in a bunker/paper archive - like we did the last few hundred years.... (Some companies/government agencies have developed the technical capabilities to do this electronically with ERS, but most of them haven't yet). Hope that helps, Tobias On 04/08/11 17:21, Martin Augusto G. Vigil wrote: > Hi, > > I am a PhD student and I have been working on a survey on long-term authenticity and proof of existence. I have found many solutions (e.g. ERS, Patricia Trees, etc), projects (e.g. ArchiSig, Prokopius, HP's Content Integrity Service) and even acts (Sarbanes-Oxley Act, Directive 2001/115/EC) but few real life examples in which long-term archiving is required and was already used. > > May someone point some concrete examples? > > Kind regards, > ---- > Martín A. Gagliotti Vigil > Technische Universität Darmstadt > Cryptography and Computer Algebra > Hochschulstraße 10 > 64289 Darmstadt, Germany > Room: S2/02 B216 > Tel.: +49 6151 16-5416 > > > > > > _______________________________________________ > ltans mailing list > ltans@ietf.org > https://www.ietf.org/mailman/listinfo/ltans
- Re: [ltans] Concrete examples of long-term archiv… todd glassey
- [ltans] Concrete examples of long-term archiving Martin Augusto G. Vigil
- Re: [ltans] Concrete examples of long-term archiv… todd glassey
- Re: [ltans] Concrete examples of long-term archiv… Ernst Jan van Nigtevecht
- Re: [ltans] Concrete examples of long-term archiv… Aljosa Jerman Blazic
- Re: [ltans] Concrete examples of long-term archiv… Liaquat Khan
- Re: [ltans] Concrete examples of long-term archiv… todd glassey
- Re: [ltans] Concrete examples of long-term archiv… Tobias Gondrom
- Re: [ltans] Concrete examples of long-term archiv… Istvan Zsolt BERTA
- Re: [ltans] Concrete examples of long-term archiv… todd glassey
- Re: [ltans] Concrete examples of long-term archiv… Istvan Zsolt BERTA
- Re: [ltans] Concrete examples of long-term archiv… todd glassey