Re: Time-stamping.

Jean-Marc Desperrier <jean-marc.desperrier@certplus.com> Tue, 20 March 2001 12:23 UTC

Message-ID: <3AB74B86.17622C51@certplus.com>
Date: Tue, 20 Mar 2001 13:22:30 +0100
From: Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>
Organization: Certplus
To: ietf-pkix <ietf-pkix@imc.org>
Subject: Re: Time-stamping.
References: <001a01c0b130$280b4e30$966801c4@insight>

Prashant Dambe wrote:

> Time-stamping of the datum does not bind the time-stamped data to
> particular user. So where it will be used as it does not bind creator
> identity. Anyone can claim that I am the author of the document.
> Until there is specifically identification of the creator inside the
> document itself.

So you need to include identification of the creator inside the document
you wish to time-stamp.

This part is plain evidence.

> One way to do this is to sign over datum plus time-stamped-data.
> In this case user can replace the signature put its own signature.
> So Is not that time-stamping of signature value is necessary.
> And if the time-stamped signature value is placed as unsigned attribute,
> it can be also replaced and it is undetectable in current specification.
> So in the current draft IS time-stamp generated fully secured?

Yes, if properly used.
But some clarification about how to use it properly might be needed.

As I discuss in my other message, you need, in most cases, to insert
inside the text that you wish to time-stamp, a reference to the time at
which you claim that the statement is true, before signing and then
time-stamping it.
No one should accept as valid a message without such a statement.
This reference does not need to be time-stamped; this is what you, the author
of the document, claim, and when you claim it.

In SMIME, this will be required by the standard.
There's the same requirement in "Technical Requirements for a
non-Repudiation Service".
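
An added sketch of the acceptance rule discussed in this message (not code from the original post or from any PKIX draft): the creator's identity and the claimed time sit inside the signed content, and the time-stamp covers the signature value. HMAC stands in for both the signer's digital signature and the TSA's token signature so that it runs on the standard library; the field names, keys, times and the check that the signer is the author named in the document are assumptions.

```python
import hashlib, hmac, json

def mac(key, data):
    # HMAC is a stand-in for a real digital signature (assumption of this sketch).
    return hmac.new(key, data, hashlib.sha256).digest()

def make_statement(text, author=None, claimed_time=None):
    # Creator identity and claimed time are part of the content that gets signed.
    fields = {"text": text, "author": author, "claimed_time": claimed_time}
    return json.dumps({k: v for k, v in fields.items() if v}, sort_keys=True).encode()

def timestamp(tsa_key, signature, gen_time):
    # Toy time-stamp token: the TSA binds its time to a hash of the signature value.
    imprint = hashlib.sha256(signature).hexdigest()
    tag = mac(tsa_key, f"{imprint}|{gen_time}".encode()).hex()
    return {"imprint": imprint, "gen_time": gen_time, "tag": tag}

def verify(statement, signature, token, signer_keys, tsa_key):
    fields = json.loads(statement)
    author = fields.get("author")
    if not author or not fields.get("claimed_time"):
        return "reject: no author or claimed time inside the signed content"
    key = signer_keys.get(author)
    if key is None or not hmac.compare_digest(mac(key, statement), signature):
        return "reject: signature is not by the author named in the document"
    expected = timestamp(tsa_key, signature, token["gen_time"])
    if not hmac.compare_digest(expected["tag"], token["tag"]):
        return "reject: time-stamp token does not cover this signature"
    return f"accept: {author} claims {fields['claimed_time']}, stamped {token['gen_time']}"

# Constructed keys, names and times.
KEYS = {"alice": b"alice-key", "mallory": b"mallory-key"}
TSA_KEY = b"tsa-key"

def demo():
    doc = make_statement("I wrote this design.", "alice", "2001-03-20T12:00Z")
    sig = mac(KEYS["alice"], doc)
    tok = timestamp(TSA_KEY, sig, "2001-03-20T12:05Z")
    # The original signature and token are stripped and replaced by another party's.
    sig_m = mac(KEYS["mallory"], doc)
    tok_m = timestamp(TSA_KEY, sig_m, "2001-03-20T12:06Z")
    # A document that carries no identity or claimed time at all.
    bare = make_statement("I wrote this design.")
    sig_b = mac(KEYS["mallory"], bare)
    tok_b = timestamp(TSA_KEY, sig_b, "2001-03-20T12:07Z")
    return {"genuine": verify(doc, sig, tok, KEYS, TSA_KEY),
            "replaced": verify(doc, sig_m, tok_m, KEYS, TSA_KEY),
            "unbound": verify(bare, sig_b, tok_b, KEYS, TSA_KEY),
            "mismatch": verify(doc, sig, tok_m, KEYS, TSA_KEY)}
```

`demo()` accepts only the genuine case; the replaced signature, the document without identity or claimed time, and the mismatched token are each rejected with a distinct reason.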