Time-stamp issue

"Prashant Dambe" <prashant@elock.co.in> Thu, 15 March 2001 09:27 UTC

Message-ID: <003101c0ad31$fd4898d0$966801c4@insight>
From: Prashant Dambe <prashant@elock.co.in>
To: ietf-pkix@imc.org
Subject: Time-stamp issue
Date: Thu, 15 Mar 2001 14:56:17 +0530
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>

As specified in the draft-ietf-pkix-time-stamp-13.txt.
APPENDIX A - Signature Timestamp attribute using CMS
One of the major use of time stamping is to time stamp a digital signature to prove that the digital signature was created before a given time. Should the corresponding public key certificate be revoked this allows to know whether the signature was created before or after the revocation date.
A sensible place to store a time stamp is in a [CMS] structure as an unsigned attribute.

But what happens in the following scenario?
As the time-stamp token is placed as an unsigned attribute, one possible attack is that the time-stamp token itself is replaced with another time-stamp token of the same signature value inside the CMS, i.e. if the same signature is time-stamped again at some later time and the time-stamp in the original CMS is replaced, it is not possible to detect that the original time-stamp has been replaced.
So putting the time-stamp as an unsigned attribute does not work in all cases.

Thanks
Prashant Dambe.
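
The replacement described in the message above, as an added example that is not part of the original post or of the draft: a toy model showing what the signer's signature and the time-stamp token each cover. HMAC with constructed keys stands in for the signer's and the TSA's public-key signatures, and the dictionary layout, the `timeStampToken` key and all function names are assumptions made for illustration.

```python
import copy, hashlib, hmac

# Constructed keys; HMAC stands in for the signer's and the TSA's signatures.
SIGNER_KEY, TSA_KEY = b"constructed-signer-key", b"constructed-tsa-key"

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _covered(content, signed_attrs):
    # Bytes the signer's signature protects: content hash plus signed attributes.
    return hashlib.sha256(content).digest() + repr(sorted(signed_attrs.items())).encode()

def sign(content, signed_attrs):
    """Toy SignerInfo: unsigned attributes are outside the signature."""
    return {"signed_attrs": signed_attrs, "unsigned_attrs": {},
            "signature": _mac(SIGNER_KEY, _covered(content, signed_attrs))}

def tsa_issue(signature_value, gen_time):
    """Toy TSA: the message imprint is a hash of the SignerInfo signature value."""
    imprint = hashlib.sha256(signature_value).digest()
    return {"imprint": imprint, "genTime": gen_time,
            "tsa_sig": _mac(TSA_KEY, imprint + gen_time.encode())}

def verify(content, si):
    """Return the token's genTime if signature and token both verify, else None."""
    if not hmac.compare_digest(si["signature"],
                               _mac(SIGNER_KEY, _covered(content, si["signed_attrs"]))):
        return None
    tok = si["unsigned_attrs"].get("timeStampToken")
    if tok is None or tok["imprint"] != hashlib.sha256(si["signature"]).digest():
        return None  # missing token, or token issued over a different signature
    expected = _mac(TSA_KEY, tok["imprint"] + tok["genTime"].encode())
    return tok["genTime"] if hmac.compare_digest(tok["tsa_sig"], expected) else None

def demo():
    content = b"constructed sample document"
    original = sign(content, {"contentType": "data"})
    original["unsigned_attrs"]["timeStampToken"] = tsa_issue(
        original["signature"], "2001-03-15T09:00:00Z")
    # Same signature value time-stamped again later, token swapped in place.
    swapped = copy.deepcopy(original)
    swapped["unsigned_attrs"]["timeStampToken"] = tsa_issue(
        swapped["signature"], "2001-06-01T12:00:00Z")
    # A token issued over some other signature value fails the imprint check.
    foreign = copy.deepcopy(original)
    foreign["unsigned_attrs"]["timeStampToken"] = tsa_issue(
        b"other signature value", "2001-01-01T00:00:00Z")
    return verify(content, original), verify(content, swapped), verify(content, foreign)

if __name__ == "__main__":
    print(demo())
```

In this model the swapped token verifies and only changes the attested time to the later value; the signer's signature is unchanged because it never covered the unsigned attribute.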