[144931] in cryptography@c2.net mail archive
Re: Trusted timestamping
daemon@ATHENA.MIT.EDU (Paweł Krawczyk)
Mon Oct 5 11:33:43 2009
Reply-to: pawel.krawczyk@hush.com
Date: Mon, 05 Oct 2009 16:14:46 +0200
To: cryptography@metzdowd.com, ap@poneyhot.org
From: "Paweł Krawczyk" <pawel.krawczyk@hush.com>

On Sun, 04 Oct 2009 23:42:22 +0200 Alex Pankratov <ap@poneyhot.org> wrote:
>There is for example timestamp.verisign.com, but there is
>no documentation or description of it whatsoever.

From European world plagued with qualified electronic signature
disease - timestamp servers usually are compatible with RFC 3161
"Time-Stamp Protocol (TSP)" that works over HTTP, but since they
don't want to provide free timestamping for anyone they're using
various techniques to limit usage of this service.

I've seen two techniques to do this. One was allowing only TSP
request encapsulated in *signed* CMS (RFC 3369). So if you're
signing a document using qualified signature AND timestamp you've
got to enter PIN twice - one for document signature, one for TSP
transport signature.

The other server was not requiring signed CMS, but instead silently
discarded signature requests from clients other than their own
software. It had something to do with TSP options probably, but I
didn't investigate any deeper.
--
Paweł Krawczyk
http://ipsec.pl
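
Added illustration, not part of the original message: a Python sketch of the RFC 3161 TimeStampReq that such servers receive over HTTP, built by hand so the optional request fields (reqPolicy, nonce, certReq, extensions) are visible. All function names are hypothetical, the sample input is constructed, and the signed-CMS wrapping some servers demand is not covered.

```python
import hashlib

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL params)
SHA256_ALGID = bytes.fromhex("300d06096086480165030402010500")
# Media types RFC 3161 section 3.4 defines for the HTTP transport
REQUEST_TYPE, REPLY_TYPE = "application/timestamp-query", "application/timestamp-reply"

def tlv(tag, value):
    """Encode one DER tag-length-value triple."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def der_int(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_timestamp_req(data, nonce=None, cert_req=False):
    """TimeStampReq v1 over SHA-256(data); reqPolicy and extensions omitted."""
    imprint = tlv(0x30, SHA256_ALGID + tlv(0x04, hashlib.sha256(data).digest()))
    body = der_int(1) + imprint
    if nonce is not None:
        body += der_int(nonce)
    if cert_req:                      # DEFAULT FALSE must be absent in DER
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def optional_fields(req):
    """List which optional TimeStampReq fields a request carries."""
    names = {0x06: "reqPolicy", 0x02: "nonce", 0x01: "certReq", 0xA0: "extensions"}
    _, body, _ = read_tlv(req, 0)
    _, _, pos = read_tlv(body, 0)     # version
    _, _, pos = read_tlv(body, pos)   # messageImprint
    found = []
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        found.append(names.get(tag, hex(tag)))
    return found

if __name__ == "__main__":
    req = build_timestamp_req(b"constructed sample document", nonce=0x1234, cert_req=True)
    print(REQUEST_TYPE, len(req), optional_fields(req))
```

The resulting bytes are what a client would POST with the `application/timestamp-query` content type; comparing `optional_fields()` output between two clients is a quick way to see how their requests differ.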