Re: question to time stamp draft: case of error

Bernd Matthes <mainbug@celocom.de> Tue, 16 January 2001 16:23 UTC

Message-ID: <3A64752E.75B00D83@celocom.de>
Date: Tue, 16 Jan 2001 17:22:06 +0100
From: Bernd Matthes <mainbug@celocom.de>
Reply-To: mainbug@celocom.de
Organization: Celo Communications -- http://www.celocom.com
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: de,en
MIME-Version: 1.0
To: FRousseau@chrysalis-its.com
Cc: Denis.Pinkas@bull.net, ietf-pkix@imc.org
Subject: Re: question to time stamp draft: case of error
References: <918C70B01822D411A87400B0D0204DFF72F5B5@panda.chrysalis-its.com>

> FRousseau@chrysalis-its.com wrote:
> 
> Jean-Marc Desperrier (jean-marc.desperrier@certplus.com) asked a
> similar question in December and Ari Kermaier (arik@phaos.com) wrote:
> 
> > The PKIFailureInfo structure described in draft-ietf-pkix-rfc2510bis-02
> > includes systemFailure(25) which, while not very descriptive, might fit
> > the bill for hardware failure.
> 
> Denis, will you be adding systemFailure(25) to the PKIFailureInfo in
> the RFC version of the Time Stamping Protocol?

And additionally badSenderNonce(18)?
I think, if a time stamp query contains a wrong nonce, this is also a
helpful value.

BTW,
if a signed ts query is received, it should be possible to send back
appropriate errors like badMessageCheck(1), signerNotTrusted(20) or
notAuthorized(23).
Is it generally planned that the new RFC provides a signed time stamp
query?
The last draft-ietf-pkix-time-stamp-12.txt says nothing about this fact.

> 
> I agree with Jean-Marc and Ari that it would be very useful to add
> this additional value to the PKIFailureInfo since the latest time
> stamping draft currently indicates that:
> 
> "These are the only values of PKIFailureInfo that are supported.
> Compliant servers MUST NOT produce any other values. Compliant clients
> MAY ignore any other values."
> 
> By not adding during the final editing of the RFC
> version, this useful value could not ever be used to indicate this
> type of error.
> 

with kind regards
-- 
Mors certa, hora incerta. In dubio pro mille.
--------------------------------------------------------------------
Bernd Matthes                   Celo Communications GmbH
Senior Software Engineer    	Weissenfelser Strasse 46a   
Nachrichtentechniker            D 06217 Merseburg           
Dipl.-Ing.(FH)                  http://www.celocom.com      
  f. technische Informatik      mailto:mainbug@celocom.de   
http://www.worldbug.de          Tel.: +49 3461/3318-0       
mailto:mainbug@worldbug.de      Fax:  +49 3461/415072
--------------------------------------------------------------------
"When in doubt, use brute force." (Ken Thompson)
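
Added example, not part of the original message or of any draft: how the PKIFailureInfo named bits discussed in this thread are carried as a DER BIT STRING, and how a client can separate permitted values from ones it may ignore. The bit numbers in THREAD_BITS are those quoted in the message; TSP_ALLOWED is the set listed in the published RFC 3161; the function and dictionary names are hypothetical.

```python
# Failure bits named in this thread (numbers as quoted in the message).
THREAD_BITS = {1: "badMessageCheck", 18: "badSenderNonce",
               20: "signerNotTrusted", 23: "notAuthorized", 25: "systemFailure"}
# Values the published Time-Stamp Protocol (RFC 3161) permits.
TSP_ALLOWED = {0: "badAlg", 2: "badRequest", 5: "badDataFormat",
               14: "timeNotAvailable", 15: "unacceptedPolicy",
               16: "unacceptedExtension", 17: "addInfoNotAvailable",
               25: "systemFailure"}

def encode_bit_string(bits):
    """DER-encode a named-bit BIT STRING; bit 0 is the MSB of the first octet."""
    if not bits:
        return bytes([0x03, 0x01, 0x00])
    top = max(bits)
    body = bytearray(top // 8 + 1)          # no trailing all-zero octets
    for b in bits:
        body[b // 8] |= 0x80 >> (b % 8)
    unused = 7 - (top % 8)                  # zero bits after the last set bit
    return bytes([0x03, len(body) + 1, unused]) + bytes(body)

def decode_bit_string(der):
    """Return the set of bit numbers set in a short-form DER BIT STRING."""
    if len(der) < 3 or der[0] != 0x03 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    if body and body[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero")
    return {i * 8 + j for i, octet in enumerate(body)
            for j in range(8) if octet & (0x80 >> j)}

def classify(der):
    """Split failure bits into TSP-permitted names and others a client may ignore."""
    bits = decode_bit_string(der)
    known = sorted(TSP_ALLOWED[b] for b in bits if b in TSP_ALLOWED)
    other = sorted(THREAD_BITS.get(b, f"bit{b}") for b in bits if b not in TSP_ALLOWED)
    return known, other

if __name__ == "__main__":
    sample = encode_bit_string({18, 25})    # constructed sample, not captured traffic
    print(sample.hex(), classify(sample))
```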