1 / 5

draft-ietf-ltans-validate-03

July 30, 2010 1300-1400 IETF 78 – Maastricht T. Gondrom S. Fischer-Dieskau. draft-ietf-ltans-validate-03. draft-ietf-ltans-validate-03. Informational

bian
Télécharger la présentation

draft-ietf-ltans-validate-03

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. July 30, 2010 1300-1400 IETF 78 – Maastricht T. Gondrom S. Fischer-Dieskau draft-ietf-ltans-validate-03

  2. draft-ietf-ltans-validate-03 • Informational • Describes verification data that should be integrated into signatures/timestamps, when they should be acquired and how to include them in the archived structures to ensure long-term verification of signatures (recommendations)

  3. draft-ietf-ltans-validate-03 • Topics: • Types of trust centers (fully trusted - partially trusted) • Explain Layer model vs. chain model • Algs in all certs are still secure: mandatory • No cert has been revoked: mandatory • Certs in chain to root are all not expired: ?? (the first must obviously be valid, but does expiry of higher certs impact validity of lower cert signatures?) • List of verification data • certificates of all • parties involved in the issuance of the time stamp certificate, • Certificate Revocation Lists (CRLs) and/or OCSP responses are needed.

  4. draft-ietf-ltans-validate-03 • List of verification data: • Cert of signature/timestamp • For protected signatures: All certs up to root • For used timestamps: all certs up to root • OCSP or CRLs (technical implications of using CRL on retrieval due to “gray time” until revocation) • Fully trusted TSAs can ensure out-of-band communication of breaches (public interest) and thus allow to ommit OCSP/CRL and be sufficient with only full Cert chain.

  5. draft-ietf-ltans-validate-03 • Course of action: • Drop document? • Integrate document into ari? • Submit? • Get cross review of PKIX? • (posted to their mailing-list but so far no answer)

More Related