Best practices: time-stamps comments from Juan Carlos Cruellas on 2008-05-20 (public-xmlsec-maintwg@w3.org from May 2008)

From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
Date: Tue, 20 May 2008 14:04:33 +0200
To: xml-sec <"public-xmlsec-maintwg"@w3.org>, Juan Carlos Cruellas <cruellas@ac.upc.edu>
Message-ID: <4832BE51.2060400@ac.upc.edu>

Dear all,

Some comments on time-stamps best practices.

1. I suggest to substitute the text: "DSS Profiles contain timestamps" 
by some text that provide some hints on XAdES way of using time-stamping 
for long term signatures and how DSS profiles deal with the request and 
verification of such issues.

Proposed text:

"ETSI has produced TS 101 903: "XML Advanced Electronic Signatures 
(XAdES)", which among other ones, deals with the issue of long-term 
electronic signatures. It has defined a standard way for incorporating 
time-stamps to XML signatures. In addition to the signature time-stamp, 
which should be generated soon after the generation of the signature, 
other time-stamps may be added to the signature structure protecting the 
validation material used by the verifier. Recurrent time-stamping (with 
stronger algorithms and keys) on all these items, i.e., the signature, 
the validation material and previous time-stamps counters the revocation 
of validation data and weaknesses of cryptographic algorithms and keys.

OASIS DSS core specifies a XML format for time-stamps based in XML Sig. 
In addition DSS core and profiles allow the generation and verification 
of signatures, time-stamps, and time-stamped signatures by a centralized 
server"

2. Best practice 14.
This reads: "Nonce and timestamp must be signature protected."

Is this correct? I have the impression taht in this section we are 
speaking of time-stamps of signatures, ie, time-stamps generated after 
the signature has been produced so that we may prove that at certain 
point of time the signature already existed; how the time-stamp could be 
protected by this signature? In addition, a time-stamp  is a secure 
piece of information: by the TSA's signature (RFC3161 or the DSS 
time-stamp) or because of the linking mechanism.

Reading what comes before this text:

"Nonces and passwords must fall under at least one signature to be 
effective. In addition, the signature should include at least a critical 
portion of the message payload, otherwise an attacker might be able to 
discard the timestamp and its signature without arousing suspicion.


I have the impression that the  Best practice 14 text should be:
"Nonce and passwords must be signature protected."


Regards

Juan Carlos.
Best Practice 14:

Received on Tuesday, 20 May 2008 12:05:13 UTC