## LTANSwg
Last Update: May 13, 2008
Status key: RFC Editor Queue / Processed by IESG / ID Exists / Recently Expired
The charter of the LTANS working group is reported below.

In many scenarios, users need to be able to ensure and prove the existence and validity of data, especially digitally signed data, in a common and reproducible way over a long and possibly undetermined period of time. Cryptographic means are useful, but they do not provide the whole solution. For example, digital signatures (generated with a particular key size) might become weak over time due to improved computational capabilities, new cryptanalytic attacks might "break" a digital signature algorithm, public key certificates might be revoked or expire, and so on. Complementary methods covering potential weaknesses are necessary.

Long-term non-repudiation of digitally signed data is an important aspect of PKI-related standards. Standard mechanisms are needed to handle routine events, such as expiry of the signer's public key certificate and expiry of the trusted time stamp authority certificate. A single timestamp is not sufficient for this purpose. Additionally, the reliable preservation of content across change of formats, application of electronic notarizations, and subsequent notary services require standard solutions.

The objective of the LTANS working group is to define requirements, data structures and protocols for the secure usage of the necessary archive and notary services. First, the requirements for the long-term archive will be collected. Based on that information we will develop a protocol to access archive services supplying long-term non-repudiation for signed documents and define common data structures and formats. Upon completion of the archive-related specifications, we will address 'notary services' in a similar way. The term 'notary services' is not clearly defined. The working group will determine which functions need standards, including transformation of documents from one format to another without losing the value of evidence, electronic notarization, and further verification of legal validity of signed documents. We will determine the needs via the requirements paper and act upon the results accordingly.

Work done by the IETF Working Groups PKIX, S/MIME and XMLDSIG will be used as the basis to define those structures and protocols. For example, the Internet-Drafts "Archive Time-Stamps Syntax (ATS)" and "Trusted Archive Protocol (TAP)" and RFC 3029, "Data Validation and Certificate Server Protocols (DVCS)", contain applicable concepts.
RFC 4810, 03/2007, 17 pages
C. Wallace, U. Pordesch, R. Brandner
Long-Term Archive Service Requirements

There are many scenarios in which users must be able to prove the existence of data at a specific point in time and be able to demonstrate the integrity of data since that time, even when the duration from time of existence to time of demonstration spans a large period of time. Additionally, users must be able to verify signatures on digitally signed data many years after the generation of the signature. This document describes a class of long-term archive services to support such scenarios and the technical requirements for interacting with such services.
RFC 4998, 08/2007, 32 pages
T. Gondrom, R. Brandner, U. Pordesch
Evidence Record Syntax (ERS)
Status: Proposed Standard

In many scenarios, users must be able to prove the existence and integrity of data, including digitally signed data, in a common and reproducible way over a long and possibly undetermined period of time. This document specifies the syntax and processing of an Evidence Record, a structure designed to support long-term non-repudiation of existence of data.
ltans-ers-scvp-06 (In Last Call), Feb 14, 2008, 17 pages
C. Wallace
Using SCVP to Convey Long-term Evidence Records
Intended Status: Proposed Standard

The Simple Certificate Validation Protocol (SCVP) defines an extensible means of delegating the development and validation of certification paths to a server. It can be used to support the development and validation of certification paths well after the expiration of the certificates in the path by specifying a time of interest in the past. The Evidence Record Syntax (ERS) defines structures, called evidence records, to support non-repudiation of existence of data. Evidence records can be used to preserve materials that comprise a certification path such that trust in the certificates can be established after the expiration of the certificates in the path and after the cryptographic algorithms used to sign the certificates in the path are no longer secure. This document describes an application of SCVP to serve this purpose using the WantBack feature of SCVP to convey evidence records.
ltans-dssc-02 (ID Exists), Mar 10, 2008, 38 pages
T. Kunz, S. Okunick, U. Pordesch
Data Structure for Security Suitabilities of Cryptographic Algorithms (DSSC)
Intended Status: Standards Track

In many application areas it must be possible to prove the existence and integrity of digitally signed data. This proof depends on the security suitability of the cryptographic algorithms used. Because algorithms can become weak over the years, it is necessary to periodically evaluate these security suitabilities. When signing or verifying data, these evaluations must be considered. This document specifies a data structure for security suitabilities of cryptographic algorithms which may be automatically interpreted.
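The ERS abstract (RFC 4998) and the DSSC abstract above describe two halves of one problem: an evidence record has to be renewed before its hash algorithm or its latest time-stamp stops being trustworthy, and a verifier needs machine-readable suitability data to check that every renewal actually happened in time. The following Python model, written for this page and not taken from the working group's ASN.1 or from any implementation, puts the two together: an archive time-stamp over a reduced hash tree, time-stamp renewal within an ArchiveTimeStampChain, hash-tree renewal that opens a new chain in the ArchiveTimeStampSequence, and a verifier that rejects a record whose renewal came too late or is overdue. Everything in it is constructed for the example: the SUITABLE_UNTIL table stands in for DSSC data, tsa_token (an HMAC under a fixed key) stands in for an RFC 3161 time-stamp token, encode_sequence stands in for DER encoding, and dates are plain YYYYMMDD integers.

```python
# Illustrative model of RFC 4998 Evidence Record Syntax (ERS), written for this page; not the
# LTANS ASN.1 or a reference implementation. Constructed stand-ins: the TSA is an HMAC under a
# fixed key (not an RFC 3161 token), "encoding" is byte concatenation (not DER), dates are
# YYYYMMDD integers, and SUITABLE_UNTIL is a DSSC-like policy invented here, not DSSC data.
import hashlib
import hmac
from collections import namedtuple

SUITABLE_UNTIL = {"sha1": 20101231, "sha256": 20301231}  # constructed DSSC-like policy
TSA_KEY = b"constructed demo TSA key"                      # stand-in for a TSA signing key
ATS = namedtuple("ATS", "alg time reduced_tree token")     # one archive time-stamp

def digest(alg, *parts):
    return hashlib.new(alg, b"".join(parts)).digest()

def tsa_token(alg, root, time):
    # Stand-in TSA binding (alg, root, time); ERS proper carries RFC 3161 tokens here.
    return hmac.new(TSA_KEY, alg.encode() + root + str(time).encode(), "sha256").digest()

def build_tree(alg, leaves):
    # Siblings are concatenated in binary ascending order before hashing, as in ERS; this
    # model always has at least one hashing level and hashes an unpaired node alone.
    levels = [list(leaves)]
    while len(levels) == 1 or len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([digest(alg, *sorted(cur[i:i + 2])) for i in range(0, len(cur), 2)])
    return levels

def reduced_tree(levels, index):
    # Level 0 holds the leaf and its sibling; each higher level holds only the sibling, if any.
    out = []
    for lvl, nodes in enumerate(levels[:-1]):
        sib = [nodes[index ^ 1]] if (index ^ 1) < len(nodes) else []
        out.append([nodes[index]] + sib if lvl == 0 else sib)
        index //= 2
    return out

def make_ats(alg, leaves, index, time):
    levels = build_tree(alg, leaves)
    return ATS(alg, time, reduced_tree(levels, index), tsa_token(alg, levels[-1][0], time))

def archive(obj, group, alg, time):
    # Initial ATS over the whole group. The record is an ArchiveTimeStampSequence: a list of
    # chains, each chain a list of ATS under one hash algorithm.
    return [[make_ats(alg, [digest(alg, o) for o in group], group.index(obj), time)]]

def timestamp_renewal(rec, time):
    # ERS time-stamp renewal: while the latest time-stamp is still reliable, time-stamp a hash
    # of it under the same algorithm and append the result to the current chain.
    chain, alg = rec[-1], rec[-1][-1].alg
    chain.append(make_ats(alg, [digest(alg, chain[-1].token)], 0, time))

def encode_sequence(chains):  # stand-in for DER of the ArchiveTimeStampSequence so far
    return b"".join(ats.token for chain in chains for ats in chain)

def hashtree_renewal(rec, obj, new_alg, time):
    # ERS hash-tree renewal: before the old hash algorithm is retired, re-hash the object AND
    # all evidence so far under the new algorithm, and open a new chain covering both hashes.
    leaves = [digest(new_alg, obj), digest(new_alg, encode_sequence(rec))]
    rec.append([make_ats(new_alg, leaves, 0, time)])

def verify(rec, obj, now):
    # Recompute every root and token and enforce the renewal discipline: each hash-tree renewal
    # must predate retirement of the previous algorithm, and the newest must still be suitable
    # at `now`; otherwise the evidence has a gap. Returns (ok, reason).
    prev_alg = None
    for c, chain in enumerate(rec):
        alg = chain[0].alg
        expected = [digest(alg, obj)]
        if c > 0:
            if chain[0].time > SUITABLE_UNTIL[prev_alg]:
                return False, f"renewal at {chain[0].time} came after {prev_alg} was retired"
            expected.append(digest(alg, encode_sequence(rec[:c])))
        for i, ats in enumerate(chain):
            if ats.alg != alg or ats.time > SUITABLE_UNTIL.get(alg, 0):
                return False, f"{ats.alg} was not acceptable at {ats.time}"
            if i > 0:  # a time-stamp renewal covers the previous token
                expected = [digest(alg, chain[i - 1].token)]
            if any(e not in ats.reduced_tree[0] for e in expected):
                return False, "first partial hash tree does not cover the expected hashes"
            node = digest(alg, *sorted(ats.reduced_tree[0]))
            for siblings in ats.reduced_tree[1:]:
                node = digest(alg, *sorted([node] + siblings))
            if not hmac.compare_digest(ats.token, tsa_token(alg, node, ats.time)):
                return False, "time-stamp token does not match the recomputed root"
        prev_alg = alg
    if now > SUITABLE_UNTIL.get(prev_alg, 0):
        return False, f"{prev_alg} is no longer suitable; a renewal is overdue"
    return True, "evidence record verifies"

def demo():
    # Constructed: SHA-1 archive 2005, time-stamp renewal 2008, SHA-256 migration 2010, verify 2024.
    doc, other = b"signed contract (constructed sample)", b"another archived object"
    rec = archive(doc, [doc, other], "sha1", 20050601)
    timestamp_renewal(rec, 20080101)
    hashtree_renewal(rec, doc, "sha256", 20100601)
    stale = archive(doc, [doc, other], "sha1", 20050601)  # never migrated off SHA-1
    late = archive(doc, [doc, other], "sha1", 20050601)
    hashtree_renewal(late, doc, "sha256", 20120601)       # migrated only after the cut-off
    return {"valid": verify(rec, doc, 20240101)[0], "tampered": verify(rec, doc + b"!", 20240101)[0],
            "stale": verify(stale, doc, 20240101)[0], "late": verify(late, doc, 20240101)[0]}
```

demo() returns {'valid': True, 'tampered': False, 'stale': False, 'late': False}. The stale and late cases are the charter's point that a single timestamp is not sufficient: in both, the SHA-1 evidence is structurally intact and every token recomputes, but in one no renewal was ever made, and in the other the migration to SHA-256 happened after the constructed SHA-1 cut-off, so for a period the record was protected only by a retired algorithm and the new chain proves nothing about what came before it. Whether the verifier's suitability table is a hard-coded dict, as here, or a signed DSSC policy document only changes where SUITABLE_UNTIL comes from, not the checks.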
ltans-ltap-06 (ID Exists), Nov 17, 2007, 11 pages
A. Jerman Blazic, P. Sylvester, C. Wallace
Long-term Archive Protocol (LTAP)
Intended Status: Experimental

This document describes a service operated as a trusted third party to securely archive electronic documents, called a long-term archive service (LTA). We describe an architecture framework and a protocol allowing clients to interact with such a service. Bindings to concrete transport and security protocol layers are given.
ltans-validate-02 (ID Exists), Nov 17, 2007, 11 pages
T. Gondrom
Validation and long term verification data for Evidence Records and signed documents
Intended Status: Informational

Digitally signed documents and data in an LTANS service receive signature renewal procedures and non-repudiation services. As documents can be stored for very long (theoretically infinite) times, it is very important to understand which data is and will be necessary for the verification of the contained digital signatures, the applied timestamps and the evidence records. This document shall describe the various pieces of information which SHOULD and MUST be provided to effectively verify evidence records and their protected data and signatures.
ltans-xmlers-01 (ID Exists), Dec 2, 2007, 36 pages
A. Jerman Blazic, S. Saljic, T. Gondrom
Extensible Markup Language Evidence Record Syntax
Intended Status: Standards Track

In many scenarios, users must be able to demonstrate the (time) existence, integrity and validity of data, including signed data, for a long or undetermined period of time. This document specifies XML syntax and processing rules for creating evidence for long-term non-repudiation of existence of data. ERS-XML incorporates alternative syntax and processing rules to the ASN.1 ERS syntax by using the XML language.